Essay Example of Info Systems & Cyber Security

Published by at July 26th, 2024, Revised On August 6, 2024

Area of Discussion 1: Ethical, social and political issues are raised by information systems. Information technology infrastructure

Contemporary information technologies are bringing about changes for which no laws or standards of suitable behavior have yet been recognized. Corporate and individual actions have greater impact and reach with the emergence of technology resources, network capabilities, storage, and the internet. The emergence of modern information technology seems to have a surging impact, resulting in modern social, political, and ethical concerns that should be considered on a social, political, and individual level. Information obligations and rights, property obligations and rights, system quality, accountability, control, and quality of life are the moral aspects of such concerns (Harkins, 2013).

Social, political, and ethical concerns in information systems are all interrelated. People who must adopt a course of action are challenged with several ethical difficulties, which usually arise when more than one ethical concern is involved in a dilemma. As community expectations about the appropriate course of conduct develop, social concerns emerge from ethical concerns. Political issues in turn emerge from social disagreement; they are primarily concerned with rules that dictate behavior and strive to use laws to establish conditions in which people behave appropriately (Harkins, 2013).

The Golden Rule, Immanuel Kant’s Categorical Imperative, Descartes’ rule of change, the Utilitarian Rule, the Risk Aversion Principle and the ethical “no free lunch” rule are some of the fundamental guidelines for conduct that could be utilized to govern ethical decision making.

These rules are frequently utilized in conjunction with ethical analysis to assure that ethical decision-making is successful. According to the Golden Rule, people should act in the same manner they would expect others to behave when engaging with them. According to Immanuel Kant’s Categorical Imperative, whenever an activity does not consider the concerns of all parties, it is not beneficial for everybody (Harkins, 2013).

According to Descartes’ Principle of Change, whenever an activity is not suited to be performed, it must be ignored. The Utilitarian Rule states that the alternative with the highest value must be prioritized, whereas the Risk Aversion Rule states that activities that are costly and impose the least harmful consequences must be prioritized. The no-free-lunch rule assumes somebody else owns practically all intangible and tangible assets unless there is a formal affirmation to the contrary (Harkins, 2013).

Area of Discussion 2: Introduction to risk for cyber security

The main cybersecurity threats can be categorized into five types, namely commodity threats, hacktivists, organized crime, espionage, and cyberwar. Commodity threats include ransomware, trojans, worms, random malware, viruses, and botnets. Ransomware is malicious software used to take control of a target computer system and database and to demand a ransom payment in exchange for giving back access to the system (Antón, Anderson, Mesic, & Scheiern, 2003).

Today cyber attackers act anonymously; however, they are criminals and are often motivated by financial gain. Cyber criminals can be categorized into seven types, namely hackers, scammers/phishers, political/religious criminals, cyber warfare attackers, personal avengers, Advanced Persistent Threat (APT) agents, and wannabe hackers (script kiddies). For example, hackers hack systems anonymously and take control over a system, and may not have any criminal motives.

For instance, phishers send fake official emails that appear to come from a bank, and victims end up giving away their login details and passwords. Scammers tend to make you pay by tricking you into believing they are from an organisation or a person you know, and by urging you to pay immediately (Antón et al., 2003).

Cyber criminals have different motivations, such as power assurance, power assertion, anger (to seek revenge), sadism (to get pleasure by making others suffer), and profit. Cyber criminals can gain access to different types of information, such as debit/credit card and bank details, financial information, contracts, bills, emails, instant messages, contacts, phone numbers, usernames and passwords of online/social media accounts, sensitive photos, and other private information which can be used for blackmail.

It is important to address cybersecurity threats so that private and customer data and clients’ trust can be protected. Moreover, if a cybersecurity breach occurs, it is costly to recover the stolen data; therefore it is necessary to ensure cybersecurity (Antón et al., 2003).

The key cybercrime issues are associated with information systems vulnerabilities, which cybercriminals exploit to achieve a breach. These information security vulnerabilities are organisational weaknesses that expose organisations to cybersecurity risk.

Examples of information systems vulnerabilities that can lead to systems fragility include lack of training and understanding among the IT department and employees, lack of preparedness for security risks, and overloaded IT departments that are not prepared to deal with cyber attacks. Moreover, unprotected network communications, design faults, lack of an IT audit trail, and lack of security protocols also contribute towards information security vulnerabilities (Antón et al., 2003).

It is necessary to set a risk management and risk assessment strategy to be able to mitigate these vulnerabilities. Anderson et al. (1999) suggested a methodology known as RAND to improve information systems security, which can be used to mitigate these vulnerabilities.

Area of discussion 3: User and the network infrastructure. Human factors relating to security: understanding the human behavior

An effective cyber security program must ensure the coverage of external threats. External threats must be regularly monitored by security software attached to the corporate systems. Staff errors, configuration issues, inadequate employee choices, and also unscrupulous actors are all sources of internal threats. Corporate process security must also comply with regulations, requirements, and recommendations.

Security services delivered through the cloud have a diverse set of threat intelligence and analytics technologies. There must also be prevention, detection, and response to security threats. Consolidated solutions provide a holistic solution for defending the system against a variety of threats. Security analytics can assist in risk monitoring and in responding quickly to a situation before it occurs (Harkins, 2013). Following are some of the popular cybersecurity frameworks:

NIST

This framework is designed to safeguard important infrastructure, such as dams and power plants, from cyber-attacks.

CIS

This framework consists of twenty controls from professionals across all sectors, such as academia, industry, and government; it is also updated regularly to stay contemporary and control cybersecurity risks.

ISO

ISO 27K is a widely known cybersecurity standard. It necessitates management’s systematic approach to the organization’s information security risks, taking into consideration vulnerabilities and threats (Donaldson et al., 2018).

  • Strategy 1: Create a secure cyber ecosystem. This encompasses a wide variety of different entities, including gadgets, persons, governments, commercial businesses, and so on, which communicate with one another for a variety of purposes.
  • Strategy 2: Create an assurance model. This entails using traditional goods, procedures, individuals, and technologies to make an outline that adheres to worldwide security requirements.
  • Strategy 3: Strengthen the regulatory framework to build a stable cyberspace ecosystem and to enhance the regulatory infrastructure (Donaldson et al., 2018).

Step 1: Recognize the cyber threat background

Step 2: Conduct an assessment of security risk

Step 3: Set security objectives

Step 4: Evaluate available technologies

Step 5: Select a security structure

Step 6: Review the policies of cyber security.

Step 7: Create a risk management strategy

Step 8: Implement the security plan

Step 9: Evaluate the overall security plan.

Almost every big and well-known firm will, sadly, suffer from data breaches, whether privately or publicly. A vulnerability is a weakness or flaw in a system’s security procedures, architecture, execution, or internal control systems that can be manipulated (deliberately or accidentally) to cause a violation of the system’s security policy or a security breach. Whereas the majority of cyber security concerns for firms are external, there are times when an insider is responsible. Workers with nefarious motives may disclose or sell secret information to business rivals or others. This might result in significant reputational and financial damage to the company. Such computer security issues can be avoided by real-time monitoring of outbound and inbound network activity (Donaldson et al., 2018).

In the cybersecurity framework, human factors are events and actions that lead to a data breach. Such concerns are usually instigated by a lack of awareness, negligence, or inappropriate access. The capture error is a typical human mistake that can result in security breaches. It is a cognitive mistake or failure that occurs when a recognized action or routine takes over (or captures) a new activity. Exhaustion and inattention can also lead to post-completion errors, in which the person fails to execute a required “clean-up” activity after the primary objective has been done. A variety of security methods rely on human memory, and because memory capability is restricted, this might lead to errors (Kenneth et al., 2019).

Area of Discussion 4: Digital Transformation (DT)

Cybersecurity can be characterized as the protection of servers, computers, mobile devices, networks, data, and electronic systems against harmful attacks. It can be implemented in large corporations and on individual devices. Information security, by contrast, is regarded as protection against unauthorized access to or manipulation of data while it is stored or transferred from one device to another. Cybersecurity refers to the protection of data, storage resources, and devices from cyber-attacks. On the other hand, information security is for protecting data from any type of threat, either digital or analog. Cyber fraud and cybercrime are the most common examples that cybersecurity deals with. However, information security is concerned with unauthorized users, disclosures, modifications, and interruptions (Harkins, 2013).

The most critical aspect of an effective cybersecurity policy is that it should be properly functional. A periodic update within six or twelve months must be implemented for an effective cybersecurity policy. A good cybersecurity policy is automated and gives employees, suppliers, distributors, and vendors less room to make errors. Standardization is a crucial component of an effective cybersecurity policy since it assures that the barrier created has no vulnerable areas or loopholes. With different threat vectors lurking in each area, it is only natural that cybersecurity protection is multidisciplinary. No policy changes might be required, and there must be no exemptions to the regulations (Harkins, 2013).

The rise in digital transformation activities throughout all industries is exposing distinct weaknesses for most enterprises. Digital disruption, connectivity, agility, speed, increased service, and improved customer experience are all aspects of digital transformation. When it comes to cybersecurity, many individuals consider it cumbersome due to the regulations and standards, training, and other aspects of security implementations. Cybersecurity risks are increasing day by day as contemporary technologies emerge, like artificial intelligence, cloud computing, the internet of things, machine learning, social media, big data, and other operating innovations (Vial, 2021).

References 

Anderson, R. H., et al. 1995. Universal Access to E-Mail Feasibility and Societal Implications. RAND Corporation. 

Antón, P., Anderson, R., Mesic, R., & Scheiern, M. 2003. Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology. Santa Monica, CA; Arlington, VA; Pittsburgh, PA: RAND Corporation. Online; www.jstor.org/stable/10.7249/mr1601darpa

Donaldson, S.E., Siegel, S.G., Williams, C.K., & Aslam, A. 2018. Enterprise Cybersecurity Architecture. In: Enterprise Cybersecurity Study Guide. Apress, Berkeley, CA.

Harkins, M. 2013. Managing risk and information security. Apress, New York City.

Kenneth, C., Laudon, L., & Jane, P. 2019. Management Information Systems: Managing the Digital Firm. Pearson.

Vial, G. 2021. Understanding digital transformation: A review and a research agenda. Managing Digital Transformation, 13-66.