Implementing IT systems and Security Issues that accompany it
It is important to pay close attention to grammatical errors and sentence structure as you compose this
paper. You must also try to use research to support your examples. Use the resources below to help you
in completing this paper. Also take note that there is a series of questions asked here and you must
clearly respond to each one of them in essay form, and remember that a paragraph cannot be anything
less than 5 sentences.
IT Risk Mitigation
You have examined the role of IT within the organization, including its impact on the structure of the
company and the ability to increase competitive advantage. But with the new opportunities that IT can
create, there are risks and threats that must be addressed.
- What are the major risks to the organization when implementing and using IT?
- To what degree are IT security risks and business risks interrelated?
- What disadvantages might a business encounter from a “locked-down” IT environment, and how can
these be balanced against the disadvantages of a security breach?
- Also include in your discussion the topic of ethics as it relates to handling consumer or patient data and
intellectual property.
Be sure to include examples from your own experience or research you have done in your discussion.
Security Threats 2
What are the major risks to the organization when implementing and using IT?
Cybercrime is becoming more sophisticated every day. The ever-growing
ingenuity of the hacking industry has become a critical challenge that organisations
face. A survey on cyber security shows that more than 55% of survey
respondents indicated that cyber harassment and criminal activity in general have grown
immensely. More than 30% of organisations suffered monetary damage resulting from
attacks like hacking and phishing in a period of one year. Organisations must now contend
with a range of hi-tech attacks orchestrated by well-structured, financially motivated criminals
(Halliday, Badenhorst & Solms, 1996).
Data breaches can lead to embarrassing disclosures, the threat of customer identity
theft, and fines or legal trouble. In addition, cryptographic keys can fall into the wrong hands,
granting unauthorized individuals or applications access to sensitive or important information.
Depending on the nature of the information, the loss of cryptographic keys can lead to
critical incidents that are likely to disrupt business operations and cause the loss of clients and legal
consequences. Application-centered key management procedures provide only limited security, leaving
sensitive codes and the information they safeguard susceptible to attack. Proliferation of fragmented
key management systems can increase the complexity and cost of security controls, leading to business
processes that are difficult to administer and scale. Poorly documented key management can also
make reporting obligations more complex.
To what degree are IT security risks and business risks interrelated?
As firms globally take advantage of ICT to cut costs and enhance performance, digital
data can be shared or accessed through interlinked information systems, and the threat of
information breaches is increasingly a concern (Farahmand et al. 2005). The major threats
that concern ICT experts and business investors include system malfunction, disaster
recovery, and data reliability, which are equally potential business threats. Security
issues arise from all kinds of attacks, including connectivity-based ones such as IP spoofing, spamming, and
malicious programs. Such intrusions result in data tampering, data modification, data
disclosure, and service interruption on power grids, and even physical harm, as was the case with
Stuxnet, which dealt a heavy blow to the Iranian nuclear programme. In fact, malware technology has become
so lethal that it can now cause physical destruction. Given the enormity of such security threats
in an IT setting, businesses remain vulnerable, especially in the absence of security
analysis. Firms will still be vulnerable if they fail to implement a comprehensive security plan.
As Tran and Atkinson (2002) state, business environments are fitted with some proficient
security measures, such as data encryption, the Secure Sockets Layer (SSL) protocol to encrypt
transmissions, and biometric validation that controls physical entry.
What disadvantages might a business encounter from a “locked-down” IT environment,
and how can these be balanced against the disadvantages of a security breach?
Firms that run on heavily computerized networks would be disadvantaged by a
locked-down IT setting. The limitation of such environments is the rigidity of
application updates. IT experts should strike a balance between practicality, cost,
convenience, and safety measures, as the “locked-down” IT environment requires managerial
leadership. Information technology experts require the utmost support from management, which
should understand the potential threats. By and large, implementing a locked-down IT
framework will be instrumental for the business. Most companies should take advantage of
Microsoft Windows 2008 to ensure security is guaranteed. Apart from the Cisco firewall, online
activities should be validated with SSL, apart from static web servers (Tran and Atkinson, 2002).
Moreover, security can be enhanced by redirecting emails through virus interceptors
and spam filters before they reach the front end for all incoming emails. While personal
emails should not be allowed within the corporate systems, the organization should implement
programs that filter spam and safeguard web traffic.
Ethics as it relates to handling consumer or patient data and intellectual property
The truth is that humans tend to abuse technology simply by ignoring best
practices. A human “virus” can alter how applications work, for example by tampering with payroll information
to inflate the wage bill. This can be done by administrators on the back end, who alter figures
without any documentation. This is to say that personnel represent the highest risk, particularly when
they abuse their rights and professional ethics (Farahmand et al. 2005). At that point, it becomes
paramount to have an independent party carry out security assessments of almost all systems and networks
to prevent unethical behavior and practices.
Farahmand, F., Navathe, S. B., Sharp, G. P., & Enslow, P. H. (2005). A management perspective
on risk of security threats to information systems. Information Technology and
Management, 6(2–3).
Halliday, S., Badenhorst, K., & Solms, R. (1996). A business approach to effective information
technology risk analysis and management. Information Management & Computer
Security, 4(1). Retrieved from ABI/INFORM Global database.
Management Information Systems for the Information Age, Chapter 8, “Protecting People and
Information: Threats and Safeguards,” pages 356–365.
Tran, E., & Atkinson, M. (2002). Security of personal data across national borders. Information
Management & Computer Security, 10(5).