Table of Contents
2.0 How business information systems are vulnerable to attack and being accessed illegally.
2.1 Limitations in Internet technologies and their usages.
2.2 Limitations in intranet technologies and their usages.
2.3 Limitations of firewall technologies and their usages.
2.3 Virus and malware attacks.
2.4 Spammer attacks.
2.2.1 Way of the hacking security system.
2.3 Purpose of hacking.
3.0 The outcome of attacks and illegal access to business information systems.
3.1 Break down security policy.
3.2 Damage valuable information.
3.3. Compromise communication and operations management
3.4 Create barrier in system development, maintenance and business continuity management
3.5 Detriment reputation and profits.
4.0 Methods used by management to secure information systems from attack and illegal access.
4.1 Develop security control techniques.
4.2 Defining and overseeing the security programs.
4.3 Administering and enforcing the information security process.
4.4 Designing and implementing the methodology.
4.5 Manual and automated mechanisms to define security problems.
4.6 Firewall Systems:
4.7 Making awareness of attacks and unauthorized access to the users.
Organizations tend to have a variety of information requirements in every business at the same time. For example, the top management requires information for business planning, Middle managers need more detailed information to monitor as well as control business activities. Staffs need the information to carry their activities effectively in workplaces (Jessup et al., 2008). As Beynon-Davies (2009) notes, Business information systems refer to the computer application, which is consists of a database, application programs, machine and manual procedures. The key functions of these systems are to process and analyze data for making the appropriate decisions for the business operation. According to Riley (2012), the key types of business information systems are executive support systems, management information systems, decision support systems, knowledge management systems, transaction processing systems, and office automation systems.
Information security has been an important issue in the present digital world. Agarwal and Lucas (2005) state that, the information systems in business organizations are vulnerable to attack and illegally accessed, which impact business operations significantly. In consequence, organizations need to use a variety of methods to avoid illegal access and vulnerability to attack in their business information systems. In addition, the management needs to make effective plans and decisions to maintain their business information systems.
This report has focused on, first, how information systems are being illegally and vulnerable to attack. Second, it emphasizes what methods can be applied to protect business information systems from illegal accesses and vulnerable to attack. Finally, it concentrates on management planning and decision-making to improve the performance of information systems.
2.0 How business information systems are vulnerable to attack and being accessed illegally
2.1 Limitations in Internet technologies and their usages
Security in internet technologies and their usages have been an alarming issue in business information systems. According to Pipkin (2010), when a computer in a business information system connects to the internet, it comes under a significant level of risk. The key reason is an unsecured network which connects people and business organizations and their information systems across the globe. As a result, business information systems in organizations are vulnerable to attack and accessed illegally by unknown users when it is connected to the internet.
2.2 Limitations in intranet technologies and their usages
Cherdantseva and Hilton (2013) state that, most organizations use the intranet, which is a secured private network and connected to the Internet securely. Agarwal and Lucas (2005) say, although an intranet is considered as a secured private network, it may be attacked by malware or any other illegal accesses. For example, companies use websites through which they present their business to the public and consumers. This website is connected with company intranets and the Internet together. In addition, employees internet for sending and receiving emails, using social networks, streaming online video. These activities are connected to the company intranet also, where most of the staff are not concerned about the threats that come from the Internet through the intranet to attack business information systems.
2.3 Limitations of firewall technologies and their usages
In most business information systems firewalls are used to secure its network. However, as Cisco and IronPort (2008) note, in many cases firewall does not have the ability to monitor outgoing traffics, which may include viruses. According to a global security survey conducted by Cisco (2014), 48% of users in business information systems think data can be lost or leaked through firewalls, where 46% scare of phishing and harmful attacks. 86% of users think lack of security mainly using firewall systems is the cause of failure in stakeholders’ activities in business operations. Therefore, as (Deloitte, 2009) notes, company information can be damaged and steal because of firewall weaknesses and weaker intranet technologies.
2.3 Virus and malware attacks
The spread of viruses and malware (which are downloaded from websites and the internet and spread into company information systems without users’ knowledge) is increasing day by day which may slow down the company network traffic and business functions. In addition, viruses and malware may steal and damage business important information, which may increase overall business expenses. According to Cisco and IronPort (2008), new viruses and malware are coming every and attacking business information systems, where it is difficult for the business organizations to detect the new viruses and malware. In these cases, companies may in bigger dangers and damage of business information. According to a survey by Cisco (2012), companies find 90% of inbound emails as spam. When companies find out one system to protect from spam, the spammers find out other ways to deliver, consequently, nowadays it may attack through videos, text files, zip files and office documents, etc. According to research conducted by Google (2013), one in ten websites is infected by malicious codes, where 70% of websites have good reputations and sophisticated security systems but cannot stop virus and malware attacks from outside network.
2.4 Spammer attacks
Kiountouzis and Kokolakis (2012) state that, spammers use attachments and send them to company email inboxes to track the business information. The popular types of attaching files to spammers are mp3 files, excel files, and even PDF files nowadays. In addition, some spammers can use temporary WebPages to attract users. When users click these WebPages, malware and virus-like Trojan may attack the user’s network and computers. As a result, organization’s websites and other parts of business information system can be attacked by the spammers along with company emails………………..