MIS Review Questions: Why Are Information Systems Vulnerable
Why are information systems vulnerable to destruction, error, and abuse?
- List and describe the most common threats against contemporary information systems.
- Define malware and distinguish among a virus, a worm, and a Trojan horse.
- Define a hacker and explain how hackers create security problems and damage systems.
- Define computer crime. Provide two examples of crime in which computers are targets and two examples in which computers are used as instruments of crime.
- Define identity theft and phishing and explain why identity theft is such a big problem today.
- Describe the security and system reliability problems created by employees.
- Explain how software defects affect system reliability and security.

What is the business value of security and control?
- Explain how security and control provide value for businesses.
- Describe the relationship between security and control and recent U.S. government regulatory requirements and computer forensics.

What are the components of an organizational framework for security and control?
- Define general controls and describe each type of general control.
- Define application controls and describe each type of application control.
- Describe the function of risk assessment and explain how it is conducted for information systems.
- Define and describe the following: security policy, acceptable use policy, and identity management.
- Explain how MIS auditing promotes security and control.

What are the most important tools and technologies for safeguarding information resources?
- Name and describe three authentication methods.
- Describe the roles of firewalls, intrusion detection systems, and antivirus software in promoting security.
- Explain how encryption protects information.
- Describe the role of encryption and digital certificates in a public key infrastructure.
- Distinguish between fault tolerance and high-availability computing, and between disaster recovery planning and business continuity planning.
- Identify and describe the security problems posed by cloud computing.
- Describe measures for improving software quality and reliability.
Paper for the Above Instructions
Information systems form the backbone of modern organizations, enabling efficient operations, strategic decision-making, and enhanced customer engagement. However, their vital role also renders them vulnerable to a variety of threats, which can lead to data breaches, financial loss, and damage to reputation. This paper explores the vulnerabilities of information systems, common threats, and the defenses necessary to safeguard these vital assets within contemporary business environments.
Vulnerabilities of Information Systems
Information systems are susceptible to destruction, error, and abuse because data held electronically is exposed at every point at which it can be reached: on the client device, across the network, on the server, and in storage. Hardware and software failures, programming errors, and improper use can corrupt or destroy data; networked systems can be probed and attacked from anywhere; and people with legitimate access can misuse it, deliberately or by mistake. These vulnerabilities therefore arise both from external threats such as cyberattacks and from internal risks including employee misconduct or negligence, and understanding both kinds is a prerequisite for choosing effective security measures.
Common Threats to Contemporary Information Systems
The most prevalent threats include malware, social engineering, hacking (including denial-of-service attacks that flood a system with traffic until it can no longer serve legitimate users), insider misuse, and physical damage from accidents or natural disasters. Malware is software written to disrupt, damage, or gain unauthorized access to a system. Its main variants differ in how they spread: a virus attaches itself to a legitimate program or file and runs when that host is executed, so it usually needs a user to open or run something; a worm is a stand-alone program that copies itself from computer to computer over the network without human intervention; and a Trojan horse does not replicate at all but masquerades as a benign program so that the user installs it, often serving as the delivery vehicle for other malware.
A hacker is an individual who gains or attempts to gain unauthorized access to a computer system, for motives that range from financial gain and espionage to political activism or curiosity. Hackers exploit weaknesses in software, configuration, and user behavior to steal data, deface or disable services, and plant malware for later use. Computer crime is any violation of criminal law that involves a computer, either as the target of the offense or as the instrument used to commit it.
Examples of crimes in which computers are the target include breaking into a network to access confidential data and deploying ransomware that encrypts a company's files in order to extort payment. Examples in which computers are the instrument include distributing illegal content through peer-to-peer networks and using e-mail or web sites to carry out fraudulent transactions. Identity theft is the use of stolen personal information, such as government identification numbers, credit card details, or login credentials, to impersonate someone and commit fraud in their name. It has become a major problem because so much personal data is now stored online and exposed through breaches, and because phishing, deceptive e-mails or web pages that imitate trusted organizations to trick users into revealing sensitive data, makes that data cheap to obtain. Security awareness programs remain the main defense against the human side of these attacks.
Security and System Reliability Challenges
Employees pose substantial security risks, whether through intentional misconduct or accidental error. Insiders already hold authorized access and know the internal procedures, so a malicious or careless employee can compromise a system without defeating any perimeter control; typical examples are weak or shared passwords, data entered incorrectly, and credentials surrendered to social engineers. Software defects further threaten reliability and security: bugs in application or system software cause operational failures, and a subset of them are exploitable vulnerabilities that attackers use to gain access. Because large programs cannot be made completely free of defects, thorough testing, timely patching, and quality assurance remain essential.
The business value of security and control lies in protecting assets, ensuring compliance, maintaining customer trust, and enabling operational continuity. Effective controls prevent breaches that would otherwise bring regulatory fines, litigation, and reputational damage, and so safeguard organizational value. In the United States, regulations such as HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act oblige organizations to protect personal and financial records and to demonstrate that the controls over them exist and work. Electronic records are also increasingly evidence in court, so computer forensics, the collection and preservation of data from computer media in a form that is admissible as evidence, has become part of the control environment.
Organizational Framework for Security and Control
An organizational framework integrates policies, procedures, and technologies to mitigate risk. Its core components are general controls and application controls. General controls govern the design, security, and use of programs and data across the organization as a whole; they include software controls, hardware controls, computer operations controls, data security controls, controls over the systems development process, and administrative controls such as segregation of duties. Application controls are specific to individual applications and ensure that only authorized, complete, and accurate data is processed; they are usually classified as input controls (for example, edit checks on data as it is entered), processing controls (checks that data remains complete and accurate during updating), and output controls (checks that results are accurate, complete, and properly distributed).
Risk assessment determines the level of risk to the organization if a particular activity or process is not properly controlled. It identifies the assets at stake, the vulnerabilities and threats that could affect them, and the probability and likely cost of each event, so that the expected annual loss from each threat can be compared with the cost of countermeasures and spending can be directed where it removes the most risk. Security policies formalize the outcome: a security policy ranks information risks and states acceptable security goals and the means of achieving them; an acceptable use policy defines the permitted uses of the organization's information resources and equipment; and identity management comprises the processes and tools for identifying valid users and controlling what each of them is allowed to access.
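The cost-benefit arithmetic behind this process, as an added example that is not part of the original paper: each threat is given an estimated annual probability and a cost per occurrence, threats are ranked by expected annual loss, and a countermeasure is justified only when the loss it averts exceeds what it costs to run each year. The threat names, probabilities, losses, and control figures below are constructed for illustration and do not come from the paper.

```go
package main

import (
	"fmt"
	"sort"
)

// Threat is one row of a risk-assessment worksheet for an asset.
type Threat struct {
	Name        string
	Probability float64 // estimated chance of at least one occurrence per year
	Loss        float64 // estimated cost of a single occurrence
}

// Control is a candidate countermeasure: its yearly cost and the probability
// the threat is expected to have once the control is in place.
type Control struct {
	Threat       string
	Name         string
	AnnualCost   float64
	ResidualProb float64
}

// SampleThreats and SampleControls are constructed figures for illustration.
var SampleThreats = []Threat{
	{"Power failure in data center", 0.30, 20000},
	{"User data-entry error", 0.95, 5000},
	{"Ransomware on file server", 0.10, 400000},
	{"Insider data theft", 0.05, 250000},
}

var SampleControls = []Control{
	{"Ransomware on file server", "Offline backups with tested restores", 15000, 0.02},
	{"Power failure in data center", "Second utility feed", 9000, 0.02},
}

// ExpectedAnnualLoss is the probability of the event per year times the cost
// of one event (the annualized loss expectancy).
func ExpectedAnnualLoss(t Threat) float64 {
	return t.Probability * t.Loss
}

// Rank returns a copy of threats ordered from highest to lowest expected
// annual loss; the input slice is left untouched.
func Rank(threats []Threat) []Threat {
	ranked := append([]Threat(nil), threats...)
	sort.SliceStable(ranked, func(i, j int) bool {
		return ExpectedAnnualLoss(ranked[i]) > ExpectedAnnualLoss(ranked[j])
	})
	return ranked
}

// Justified reports whether a control pays for itself: the reduction in
// expected annual loss it buys must exceed its annual running cost.
func Justified(t Threat, c Control) bool {
	saved := ExpectedAnnualLoss(t) - c.ResidualProb*t.Loss
	return saved > c.AnnualCost
}

// findThreat looks a threat up by name; ok is false if it is not listed.
func findThreat(threats []Threat, name string) (Threat, bool) {
	for _, th := range threats {
		if th.Name == name {
			return th, true
		}
	}
	return Threat{}, false
}

func main() {
	fmt.Println("Threats by expected annual loss:")
	for _, t := range Rank(SampleThreats) {
		fmt.Printf("  %-30s p=%.2f loss=%8.0f EAL=%8.0f\n", t.Name, t.Probability, t.Loss, ExpectedAnnualLoss(t))
	}
	fmt.Println("Countermeasure decisions:")
	for _, c := range SampleControls {
		if t, ok := findThreat(SampleThreats, c.Threat); ok {
			fmt.Printf("  %-36s for %q: justified=%v\n", c.Name, c.Threat, Justified(t, c))
		}
	}
}
```

With these figures ransomware dominates the ranking even though it is the least likely of the frequent events, because its cost per occurrence is so high; the backup control is worth its price while the redundant utility feed is not, which is exactly the comparison a risk assessment is meant to make explicit.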
Management Information System (MIS) auditing examines the organization's overall security environment and the controls governing individual systems, identifies weaknesses, and ranks them by likelihood and impact, so that management can verify that controls are effective and improve the security posture over time. Access to systems rests on authentication, which can use something the user knows (a password), something the user has (a token or smart card), or something the user is (a biometric such as a fingerprint); combining two of these gives stronger assurance than any one alone. Firewalls, intrusion detection systems (IDS), and antivirus software form the technological backbone of defenses. A firewall enforces a traffic policy between trusted and untrusted networks, passing or blocking packets according to rules; an IDS monitors network traffic and system activity for signatures of known attacks and for anomalous behavior, and raises alerts; and antivirus software detects, quarantines, and removes known malicious software, which is why its signature database must be kept current.
Encryption and Public Key Infrastructure
Encryption transforms readable plaintext into ciphertext that cannot be interpreted without the corresponding key, protecting data both in storage and in transit. Symmetric encryption uses one shared key for both encryption and decryption; asymmetric (public key) encryption uses a mathematically related pair, a public key that anyone may use to encrypt or to verify a signature, and a private key, held only by its owner, that decrypts or signs. A public key infrastructure (PKI) makes this usable at scale: a certification authority (CA) issues a digital certificate that binds a public key to the identity of its owner and signs that certificate with the CA's own private key, so any party that trusts the CA can verify the certificate, confirm whom it is communicating with, and then use the certified public key to set up an encrypted channel.
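An added example, not code from the paper, of the PKI mechanics described above using Go's standard crypto/x509 and crypto/rsa packages: a self-signed root CA issues a server certificate, a client verifies that certificate against the root (rejecting a wrong hostname or a root it does not trust), and the certified public key is then used to encrypt a message that only the private-key holder can read. The organization name, hostname, and message are made up for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is a two-tier hierarchy held in memory: a self-signed root CA and one server certificate it issued.
type PKI struct {
	CACert  *x509.Certificate
	Leaf    *x509.Certificate
	LeafKey *rsa.PrivateKey
}

// issue has issuer sign template with issuerKey, binding subjectKey to the template's subject name.
func issue(template, issuer *x509.Certificate, subjectKey *rsa.PublicKey, issuerKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, issuer, subjectKey, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewPKI builds a self-signed root CA, then a server key pair and a certificate for hostname signed by that CA.
func NewPKI(hostname string) (*PKI, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true, // allowed to sign other certificates
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCert, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // a root signs itself
	if err != nil {
		return nil, err
	}
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname}, // the identity this certificate vouches for
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(0, 3, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err := issue(leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &PKI{CACert: caCert, Leaf: leaf, LeafKey: leafKey}, nil
}

// VerifyServer is the client-side check: the certificate must chain to a root in trusted, be within its validity period, and name the intended host.
func (p *PKI) VerifyServer(hostname string, trusted *x509.CertPool) error {
	_, err := p.Leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: hostname})
	return err
}

// Seal encrypts msg to the certified public key (RSA-OAEP, SHA-256); real protocols use this only to agree a symmetric session key.
func (p *PKI) Seal(msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &p.LeafKey.PublicKey, msg, nil)
}

// Open decrypts output of Seal; only the holder of the private key can.
func (p *PKI) Open(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.LeafKey, ciphertext, nil)
}

func main() {
	p, err := NewPKI("orders.example.com")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(p.CACert)
	fmt.Println("right host, trusted root:", p.VerifyServer("orders.example.com", trusted))
	fmt.Println("wrong host, trusted root:", p.VerifyServer("payroll.example.com", trusted))
	ct, _ := p.Seal([]byte("PO 4471: ship to warehouse B"))
	pt, _ := p.Open(ct)
	fmt.Printf("decrypted: %s\n", pt)
}
```

The three checks in VerifyServer are what a browser or API client performs before it trusts a server: the chain of signatures back to a trusted root establishes who issued the certificate, the validity period bounds how long that assertion holds, and the hostname check ensures the certificate was issued for the party the client intended to reach rather than merely for somebody the CA knows.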
Fault tolerance and high-availability computing both address resilience, but they differ in degree. Fault-tolerant systems contain redundant hardware, software, and power-supply components that take over the instant a component fails, so service is not interrupted at all. High-availability computing aims to minimize downtime and recover quickly, using techniques such as clustering, load balancing, and backup servers, but accepts brief interruptions. Similarly, disaster recovery planning (DRP) concerns restoring computing and communications services after a disruption, such as which systems are restored first and where backups are kept, whereas business continuity planning (BCP) concerns how the organization keeps its critical business processes running while those services are unavailable.
Cloud computing introduces new security challenges: data is held by a third party whose controls the customer cannot directly observe, it may be stored in several jurisdictions with different privacy laws, storage and processing are shared with other tenants, and the customer becomes dependent on the provider's availability and continued existence. Addressing these issues involves encrypting data before it leaves the organization, strong access controls and identity management for cloud accounts, contractual service-level agreements, and rigorous compliance monitoring backed by audit rights.
To improve software quality and reliability, organizations adopt rigorous testing, code reviews, and continuous monitoring. These measures help identify and rectify defects before deployment, thus reducing vulnerabilities and enhancing overall system dependability.
Conclusion
The security and integrity of information systems are vital for modern organizations. A comprehensive approach combining technological safeguards, policies, training, and continuous monitoring is essential to mitigate risks. As threats evolve, ongoing investment in security infrastructure and adherence to regulatory standards remain critical for safeguarding digital assets and ensuring organizational resilience.