Organisational Security

profileMinu
MarufaOrganizationalSecurityAssessment1.doc.docx

Running head: ORGANIZATIONAL SECURITY 1

ORGANIZATIONAL SECURITY 7

CDU International College

MQP 008

Report on Security Issues in the Fugle Company

Marufa Binte Muztaba

Date: 22th April 2020

Student ID:S33821

Length: 1500 words (+/-100)

Introduction

When we consider every modern business, we find that none lacks security issues. This means that we need to look into how to come up with secure systems. Information security stands for prevention or the practice of preventing access of data by unauthorized user. The information does not need to be electrical for it to be secured, even physical information is put into consideration. The purpose of writing this paper is to talk about Fugle Company by describing its information system, outlining the main risks that the system might be exposed to and the ethical issues that need to be considered in order to maintain the security of information in Fugle, (Trend Micro, 2015). For this company to succeed, information security has to be up tight. This technological company has developed an application that you can pay using your fingerprint. A lot of attention has been drawn to it which has risen questions of how secure the application is, (Dooley, 2017). With the scheduled time for launching the application, the company experiences a lot of pressure because they do not want to launch it before considering all the security issues with their budget, and at the same time they do not have a lot of time. The security issues addressed here apply to the HRM, product development, accounting, and marketing information systems.

Information Systems and their Assets

There are four main key information systems in Fugle. When dealing with an information system, we basically mean the software that a company used to analyze and organize its data. It is used to convert raw data into information that can be understood and be used for effective decision making. There are key assets that each one of the four keys have been assigned to protect. We can define an asset as something that is useful for the company that brings profit to it. It is very important to know how to handle threats that are imposed to these assets because they can have a major impact on the future of the company and its viability. In fugle, the main responsibility of the market information system is to make sure that information in the company concerning marketing is not breached. The company’s major assets are its customer Intel and information concerning the asset. This is seen by when Dave is called and is told that there was an attempt of people hacking the data concerning the clients of the company, ( Lowry, Dinev, and Willison, 2017). This would mean that there is a confidentiality breach and the clients would not trust the company again. Also when journalists come to take a look at the product and they are given a controlled presentation it is because the product is still considered vulnerable to attacks. Information about the company can be used against it to attack it and that is why he refuses to let the journalist take word out about the product. This is an asset to the company and if it is not well protected, the company could move real fast from having everything set to finding out that there is an imitation of the product out in the market already and running. (Weller, 2007) states that the biggest risk involved with these assets is the risk of accessing all the information of the company’s customers that is in it. The responsibly of the human resource information system in Fugle is to make sure that there is no breach of information. Foxall says the trends that threaten these assets include advanced mobile internet, cloud technology, big data, adoption of the new advanced technology and artificial intelligence. The responsibility of the accounting system in Fugle is to prevent fraud in the accounting management system. Its major assets include its financial reports and records. Show that the risks that these assets might face would be people giving misappropriated assets and accounting records, (Bawaneh 2014). In fugle the main responsibility of the product development information system it to make sure that they protect the development process of the application. Its major assets include the information concerning its development basically. Threats, according to Forbes, might occur at any step in the cycle of development. This means that testing for security should be done in every single step from the beginning just to be sure and safe.

Important Threats

We can define threats as anything that puts the company at a risk of not succeeding or reaching its ultimate goal, (Jounin et al. 2014) classifies them into four main dimensions. A threat can be posed by accessing the emails that are targeting customers. Very sensitive information is shared to customers via email, and not only is it company sensitive but also customer sensitive. Through email, clients share most their details and expect that they have to be kept confidential by the company. The HR information system is supposed to see to it that this is ensured. Internal software devices making mistakes, mobile devices that can actually access sensitive data. This is a threat because if the device is out of the offices the information will also be out. Also, another dimension of threat is AI bots. They are known to collect data from existing clients which means that if they can land in the hands of the wrong people then the company can loose both existing and potential customers. The last dimension is lack of control over access of data, (Dhillon, Syed, and de Sá-Soares, 2017). This is actually the biggest threat biggest it gives even the enemies of the company access to the most sensitive information. Leaking information to outsiders is giving them a chance to finish the company. Every company’s information system is faced by potential environmental threats like corruption or destruction of information, fraud, disclosure and illegal usage. Nevertheless, in other systems, there are other important types of threats. In marketing information system, the most important threat to consider is illegal use of information. This can be classified as an external threat. A good example would be an attacker using the normal company connection to attack the system that he wants to. There are both internal and external threats in human resources, (Foxall, 2018). Leaking of information like the process of making a product is an example of an internal threat. External threats, the ones that have been discussed above are can be classified as human, environmental and technological threats. An example from Fugle Company is when there was an email that was targeting the customers of the company. In accounting information the most important threat is disclosure of information. This is an external threat. In fugle the perfect example is if the company would have considered outsourcing a third party to check the vulnerabilities, (Zhang, 2019). This would have given them access to important information and accounting reports. For product development, the threats are theft and corruption of information which are both internal and external threats. An example is when the reporters can to fugle and Dave could not show them everything.

Legal and Ethical Implications

Fugle was fully compliant to legal requirements according to the Australian laws. This means that the company has security control in all its information and is protected from any kind of malicious acts. Also, it means that legally, it has all the covers that it needs and is operation under the Australian policy. The laws include the privacy act, the crimes act and the interception and access act among others according to, (Srinivas 2015). Also, fugal has ethical reasons as to why it protects its information. These are according to, (Computer Ethics Institute 1992) which state that a person is not allowed to snoop around, a person should not steal using a computer, you should not bare false witness with the help of a computer and you should not imitate or even use a software that you have neither acquired legally nor made yourself.

Conclusion

According to the discussion above we can deduce that information security is mainly used for prevention from using that data, disruption is, disclosing it to other people, destruction, inspection, modification and recording of data that is encrypted. Information system is used to convert raw data into information that can be understood and be used for effective decision making. There are key assets that each one of the four keys have been assigned to protect. They include the market information system which make sure that information in the company concerning marketing is not breached, the human resource information system, the accounting system whose responsibility is to prevent fraud in the accounting management system and the product development information system that makes sure that they protect the development process of the application. Every company’s information system is faced by potential environmental threats like corruption or destruction of information, fraud, disclosure and illegal usage. Nevertheless, in other systems, there are other important types of threats. There are both internal and external threats in human resources. Leaking of information like the process of making a product is an example of an internal threat. External threats on the other hand can be classified as human, environmental and technological threats.

REFERENCES

Bawaneh, 2014. Information Security for Organizations andAccounting Information SystemsA Jordan Banking Sector Case. Retrieved from: http://www.irmbrjournal.com/papers/1405506805.pdf

Srinivas, S., White, N., Schoenmakers, M., van Reijswoud, V., Koopman, M., Zielinski, C., Mugarura, C., Assa, R. and Harish, S., 2015. Checklist for the development of portals for international development. Knowledge Management for Development Journal, 14(1), pp.83-94. Retrieved from: https://www.km4djournal.org/index.php/km4dj/article/view/384

Dhillon, G., Syed, R. and de Sá-Soares, F., 2017. Information security concerns in IT outsourcing: Identifying (in) congruence between clients and vendors. Information & Management, 54(4), pp.452-464. Retrieved from: https://www.sciencedirect.com/science/article/pii/S0378720616302166

Dooley, D.A., 2017. Customizable computerized accounting information system and methods of processing and securely exchanging accounting data. U.S. Patent Application 15/371,169. Retreievd from: https://patents.google.com/patent/US20170085538A1/en

Foxall, 2018. Five basic HR data security threats in 2018. Retrieved from: https://www.hrmsworld.com/hr-data-security-threats.html

Lowry, P.B., Dinev, T. and Willison, R., 2017. Why security and privacy research lies at the centre of the information systems (IS) artefact: Proposing a bold research agenda. European Journal of Information Systems, 26(6), pp.546-563. Retrieved from: https://www.tandfonline.com/doi/abs/10.1057/s41303-017-0066-x

Jounin, R., Rhine, E., Myhra, M., Sullivan, R. and Kruse, C.S., 2014. Cyber threats to health information systems: A systematic review. Technology and Health Care, 24(1), pp.1-9. Retreievd from: https://content.iospress.com/articles/technology-and-health-care/thc1102

Weller, J., 2017. The Definitive Guide to Marketing Information Management & Systems. Retrieved from: https://www.smartsheet.com/marketing-information

Trend Micro, 2015. Targeted attack. The Game. Retrieved from: http://targetedattacks.trendmicro.com/

Zhang, Y., 2019, April. Security Risk of Network Accounting Information System and Its Precaution. In 3rd International Conference on Mechatronics Engineering and Information Technology (ICMEIT 2019). Atlantis Press. Retrieved from: https://www.atlantis-press.com/proceedings/icmeit-19/55917207