Security Issues, Problems, and Solutions in Organizational IT Systems

Posted: July 9th, 2021

 

Title Page

  • The title page and all other sections will follow the American Psychological Association (APA) 6th edition standards as described in the Publication Manual (2010).

Abstract

  • The abstract introduces the ideas that the research paper will investigate. It will be a short and concise single paragraph.

Table of Contents

Introduction to Information Systems Security

  • The introduction introduces the whole idea of system security in an organisation starting with a brief history of information systems and information systems security. It will explain the essence of cybersecurity in our world today.
  • Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Learning.

Company Summary – ABC Limited

  • The Company Summary details the operation procedures of a financial management institution. It includes a description of the network architecture of their information systems as well as the role of crucial employees who deal directly with the financial and human resource applications.
  • Ayadi, R., & De Groen, W. (2014). Banking business models monitor 2014: Europe.
  • Gumussoy, C. A. (2016). Usability guideline for banking software design. Computers in Human Behavior, 62, 277-285.
  • Lor, K. W. E., Martin, R., & Hassen, A. O. (2008). U.S. Patent No. 7,440,573. Washington, DC: U.S. Patent and Trademark Office.

Information System Security Trends and Procedures for Financial Institutions

  • Having understood the general outlook of network and software systems in financial management institutions, this part goes further to establish both the software and network security aspects of information.
  • Viega, J., & McGraw, G. (2011). Building Secure Software: How to Avoid Security Problems the Right Way (paperback)(Addison-Wesley Professional Computing Series). Addison-Wesley Professional.
  • Kankanhalli, A., Teo, H. H., Tan, B. C., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International journal of information management, 23(2), 139-154.
  • Eloff, J. H., & Eloff, M. (2003, September). Information security management: a new paradigm. In Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology (pp. 130-136). South African Institute for Computer Scientists and Information Technologists.
  • Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2015). Managing the introduction of information security awareness programmes in organisations. European Journal of Information Systems, 24(1), 38-58.
  • Carter, E., & Foreword By-Stiffler, R. (2001). Cisco secure intrusion detection systems. Cisco Press.

Issues and Problems with Security in Organisational Information Systems

  • Introduction to issues and problems with security in organisational IT systems.
  • Smith, A. D., & Rupp, W. T. (2002). Issues in cybersecurity; understanding the potential risks associated with hackers/crackers. Information Management & Computer Security, 10(4), 178-183.
  • Hayes, S., Shore, M., & Jakeman, M. (2012). The changing face of cybersecurity. ISACA Journal, 6, 29.
  • Shortage of Skilled Manpower
    • Oriyano, S. P. (2014). Ceh: Certified ethical hacker version 8 study guide. SYBEX Inc.
    • Caldwell, T. (2011). Ethical hackers: putting on the white hat. Network Security, 2011(7), 10-13.
  • High Cost of Security Measures
    • Rowe, B. R., & Gallaher, M. P. (2006, March). Private-sector cybersecurity investment strategies: An empirical analysis. The fifth workshop on the economics of information security (WEIS06).
  • Abuse of User Account Privileges
    • Luo, X., Brody, R., Seazzu, A., & Burd, S. (2011). Social engineering: The neglected human factor for information security management. Information Resources Management Journal (IRMJ), 24(3), 1-8.

Potential Solutions to Security Issues Discussed

  • An introduction to the various solutions that have been put forward to address some of the issues in information systems security discussed.
  • Government Legislation and Countermeasures
    • Smith, A. D., & Rupp, W. T. (2002). Issues in cybersecurity; understanding the potential risks associated with hackers/crackers. Information Management & Computer Security, 10(4), 178-183.
  • Education and Training
    • Oriyano, S. P. (2014). Ceh: Certified ethical hacker version 8 study guide. SYBEX Inc.
    • Caldwell, T. (2011). Ethical hackers: putting on the white hat. Network Security, 2011(7), 10-13.
  • Research

    • Smith, A. D., & Rupp, W. T. (2002). Issues in cybersecurity; understanding the potential risks associated with hackers/crackers. Information Management & Computer Security, 10(4), 178-183.

Conclusion

  • The conclusion will provide the reader with a summary of the discussion and findings and will explain how the paper has met what the introduction said that it would (Publication Manual, 2010).

References

  • The proposed references for this paper are included in the annotated bibliography that follows this annotated outline.

Annotated Bibliography

Ayadi, R., & De Groen, W. (2014). Banking business models monitor 2014: Europe.

This article provides an overview of the business model of a financial management institution such as a bank. It explains the technology applied in banks, such as the back office and front office systems. In addition, it covers an overview of overhead costs in running a business such as a bank.

Caldwell, T. (2011). Ethical hackers: putting on the white hat. Network Security, 2011(7), 10-13.

The article explains the concept of having white coat hackers as a means to ensure security in organisations. The idea is built upon the principle that to avoid or kick out a thief you must learn to think like one. It also explains the role of white coat hackers in organisations' Information Technology departments and discusses ideas such as network monitoring in detail.

Carter, E., & Foreword By-Stiffler, R. (2001). Cisco secure intrusion detection systems. Cisco Press.

This book covers hardware technology by a corporation known as Cisco. Cisco is dedicated to research and development of network and network security tools and applications. The intrusion detection systems are made in such a way that an administrator gets an alert whenever an attacker tries to compromise the system and can respond efficiently and effectively.

Eloff, J. H., & Eloff, M. (2003, September). Information security management: a new paradigm. In Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology (pp. 130-136). South African Institute for Computer Scientists and Information Technologists.

This article expounds on the new idea of information system security that computer scientists need to learn in order to remain effective in this new technological era. It predicts the situation of information systems in the future and tries to put into perspective the importance of research in the field.

Gumussoy, C. A. (2016). Usability guideline for banking software design. Computers in Human Behavior, 62, 277-285.

This book is basically a user manual for the requirements of banking software. It comprises what the software should attend to and accomplish. It also describes the manpower requirement in its operation.

Hayes, S., Shore, M., & Jakeman, M. (2012). The changing face of cybersecurity. ISACA Journal, 6, 29.

This journal covers the trends in cybersecurity. It explains that cybercrimes will continue to be a nuisance to organisations globally and cybersecurity experts need to be as good as the hackers themselves in order to be able to prevent, stop or foresee attacks. Hackers invest a lot of resources to breach networks and applications and the same amount of resources should be given in organisations to their information systems departments.

Kankanhalli, A., Teo, H. H., Tan, B. C., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International journal of information management, 23(2), 139-154.

This journal contains research on the effectiveness of information systems security at an earlier stage of technology. The journal is important in order to understand how far security countermeasures have changed in the course of time. The journal is intended to show how fast information systems change and why it is important for organisations to keep up.

Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Learning.

This book is basically an introduction to cybersecurity. It comprises a basic description of what information systems require in order to be secure while at the same time conducting their designed operations effectively.

Lor, K. W. E., Martin, R., & Hassen, A. O. (2008). U.S. Patent No. 7,440,573. Washington, DC: U.S. Patent and Trademark Office.

This source contains a government patent requirement for a banking software system. It is meant to protect citizens against malicious business owners who may apply a system to swindle money from their clients. It covers a variety of banking software operations and properties important in the security discussion of this paper.

Luo, X., Brody, R., Seazzu, A., & Burd, S. (2011). Social engineering: The neglected human factor for information security management. Information Resources Management Journal (IRMJ), 24(3), 1-8.

This article explains social engineering, in which attackers use various tricks to retrieve information from employees, such as usernames and passwords, operating systems and privileged network information. It explains the sources of such information and methods to gather it, as well as the consequences of an attacker being in possession of such information.

Oriyano, S. P. (2014). Ceh: Certified ethical hacker version 8 study guide. SYBEX Inc.

This is an example of a professional certificate by the EC-Council. Learners are taught to keep hackers out by becoming an ethical hacker, commonly referred to as ‘white coats’. It describes the course topics, how to take the course and how to get the title ‘certified ethical hacker’.

Rowe, B. R., & Gallaher, M. P. (2006, March). Private-sector cybersecurity investment strategies: An empirical analysis. The fifth workshop on the economics of information security (WEIS06).

This article covers the cost of cybersecurity to organisations and why it is an investment. It compares the money lost in malicious attacks with the amount of money that can be used to invest in proper security measures for small and middle-sized businesses.

Smith, A. D., & Rupp, W. T. (2002). Issues in cybersecurity; understanding the potential risks associated with hackers/crackers. Information Management & Computer Security, 10(4), 178-183.

This article covers issues in the security of information systems. It explains that after automating most human functions all over the world in fields such as business, government, education institutions and various other organisations, the next issue becomes how safe these systems are and how we can ensure that the information in them stays safe.

Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2015). Managing the introduction of information security awareness programmes in organisations. European Journal of Information Systems, 24(1), 38-58.

This article explains the need for employees to be aware of information security in their organisations. It explains that information security is not only a task for the IT department but for the entire company as a whole.

Viega, J., & McGraw, G. (2011). Building Secure Software: How to Avoid Security Problems the Right Way (paperback)(Addison-Wesley Professional Computing Series). Addison-Wesley Professional.

This article describes a step-by-step procedure for developing a secure software system. Information security cannot be absolute, but according to this article, done correctly it can make accessing the system so hectic and costly for attackers that they may just give up.
