SECURITY ISSUES, PROBLEMS AND SOLUTIONS IN ORGANIZATIONAL IT SYSTEMS

Posted: July 9th, 2021

Information systems security has become one of the biggest issues in this century. After automating most human functions all over the world in various fields such as business, government, education institutions and other various organisations, the next issue becomes how safe are these systems and how can we ensure that the information in these systems stays safe. Currently, the world faces a shortage in personnel to assure security in information systems which is followed by training in schools in fields such as cybersecurity and certifications like ethical hackers to curb the shortage which is presumed to get worse. In this proposal research paper, we will discuss some of the issues, problems and suggested solutions in security pertaining to organisations’ information systems. For our research we will focus on ABC Limited a financial management organisation with a back office and front office software management system and a human resources management system as well as an internal network that connects all the hosts in different branches to the servers.

Issues and Problems in Security of Organisational Information Systems

The biggest issue in an organisational information system is lack of skilled cybersecurity professionals (Hayes 2012). The problem with this is that although the best systems may be put in place to man both the network and software systems, many organisations still do not have enough people to manage the solutions. Cybersecurity as a field is fairly new in schools which makes it a challenge to properly train those in schools and even when they are properly trained, they are still few in numbers. Without enough manpower in ABC Limited, critical cybersecurity alerts will go unnoticed and a threat will be utilised by an attacker to gain unauthorised access and commit the various types of cybercrimes such as a denial of service or deletion of data among many other information systems crimes. Owing to the fact that our organisation is a financial institution where data integrity is very important, such a risk would compromise the entire system.

Another issue is the expensive nature of cybersecurity particularly for start-ups. The costs come from the fact already established that manpower is limited which makes it expensive and that hackers are always looking for new ways to compromise systems and gain unauthorised access (Oriyano 2014). This means that ABC has to keep updating their security systems and also updating the skills of the information systems security personnel. Defence in depth is a system developed by cybersecurity professionals where an information system is split into segments and each segment has in implemented security system control (Oriyano 2014). It may be compared with the physical security of a house, first there is a lock at the gate, then a lock at the front door, then other locks on various other doors inside the house. This is what many organisations use and for ABC to implement such a system, first hardware such as firewalls would have to be acquired which would make it an additional cost to the organisation. Then, there is a principle in information system security that as security improves, functionality reduces making systems slow and inefficient (Oriyano 2014).

The last issue is the abuse of user account privilege. The reason this is a big issue is that it is fairly impossible to train every employee at ABC Limited in cybersecurity. Lack of this training makes them susceptible to social engineering attacks from the internet. Social engineering is where attackers use various tricks to retrieve information from employees like usernames and passwords, operating systems and network privileged information (Oriyano 2014). When attackers have access to such information during their footprinting attack stage, compromising the system becomes very easy for them.

Possible Solutions to the Security of Organisational Information Systems

The issues addressed compromise the integrity and availability of information in organisation information systems. Various solutions have been put forward to address some of these issues. Such issues are such as government legislation and countermeasures where the governments all around the world have put severe punishments for hackers who are caught accessing information from systems that they do not have authorisation. Governments have also promised international cooperation with other governments pursuing hackers across geographical boundaries (Smith 2002). This means that if a hacker from country A has been traced trying to commit a cybercrime to ABC Limited in country B, law enforcement in country B has the legal capability to pursue the hacker all the way to country A.

Another countermeasure is education and training. The Electronic Commerce Council introduced certifications for cybersecurity students such as the Certified Ethical Hacker where a system administrator in ABC Limited can learn and improve his or her skills (Cadwell 2011). The system admin, in this case, learns to keep hackers out by becoming an ethical hacker, commonly referred to as ‘white coat’ (Cadwell 2011). In such a course the students are taught various skills such as reverse engineering where they can discern malware and understand the intentions of a hacker thereby coming up with a means to stop him or her.

Lastly, ABC Limited in an attempt to improve the security of their information systems can actively engage in research. Tech companies such as CISCO are constantly working on hardware that prevents compromise on networks (Carter 2001). By staying up to date with trending tools and training, ABC can continuously improve their systems which would, in turn, ensure that information stays safe. Information Security is not absolute and it takes a number of ways to lower the risk.

References

Caldwell, T. (2011). Ethical hackers: putting on the white hat. Network Security, 2011(7), 10-13.

Carter, E., & Foreword By-Stiffler, R. (2001). Cisco secure intrusion detection systems. Cisco Press.

Hayes, S., Shore, M., & Jakeman, M. (2012). The changing face of cybersecurity. ISACA Journal, 6, 29.

Oriyano, S. P. (2014). Ceh: Certified ethical hacker version 8 study guide. SYBEX Inc.

Smith, A. D., & Rupp, W. T. (2002). Issues in cybersecurity; understanding the potential risks associated with hackers/crackers. Information Management & Computer Security, 10(4), 178-183.