Information technology and organizations influence each other, depending on
the organization’s structure, business processes, politics, culture,
environment and management decisions. There is no ex-ante, readily calculable
return on investment for IT security; like homeowner’s insurance or a car with
extra air bags, it is money spent today to relieve the risk and potential cost
and impact of events that never emerge. Thus, IT security should be viewed as
a necessary cost of doing business. Work on IT and information security with
companies in a wide range of industries, including banking, insurance,
defense, aerospace, industrial goods, energy, raw materials,
telecommunications, and logistics, has identified a number of other actions
that executives can take to improve their companies’ chances of success. To
compete and succeed in the global market, information technology is important
in a competitive environment. According to Kenneth C. Laudon and Jane P.
Laudon (2018), global investment in information technology expanded by 30
percent in the period 2005 to 2015. IT investment now accounts for an
estimated 20 percent of all capital investment. Information systems are
transforming business through the mobile digital platform, systems used to
improve customer experience, respond to customer demand and reduce
inventories, growing online newspaper readership, expanding e-commerce and
internet advertising, and new federal security and accounting laws. Firms
invest heavily in information systems to achieve six strategic business
objectives: operational excellence; new products, services, and business
models; customer and supplier intimacy; improved decision making; competitive
advantage; and survival. An IT platform can lead to changes in business
objectives and strategies. Businesses rely on information systems to help them
achieve their goals and attain higher profitability. Information systems
improve decision making by providing accurate information. Information
technology is an important tool for achieving greater efficiency and
productivity. Information systems help organizations achieve competitive
advantage by delivering better performance, charging less for superior
products, and responding to customers and suppliers in real time (examples:
Apple, Walmart, UPS).

Competitiveness was very often increased because of great cost savings and
better service to clients. Communication and interorganizational systems
seemed to be very important in this respect. Nowadays, organizations compete
to improve their capabilities in order to survive in the global market.
Effective and timely decisions that best achieve the organization’s goals are
easier to make with appropriate information from internal and external
sources (Karim, 2011).

According to Karim (2011), “information is an arrangement of people, data,
process, and information technology that interact to collect, process, store
and provide as output the information needed to support an organization.” “If
the relevant information required in a decision-making process or an
organization planning is not available at the appropriate time, then there is
a good chance to be a poor organization planning and priority of needs,
inappropriate decision-making and defective programming” (Adebayo, 2007).

In postindustrial organizations, authority increasingly relies on knowledge
and competence rather than formal positions, given sufficient information
technology. Because competitive advantage is difficult to sustain,
organizations need to innovate continuously. In order to stay ahead, strategic
systems may become tools for survival and for firm value chains.


The Internet is becoming the dominant platform for life in the 21st century.
Organizations face related situations and must struggle with their specific
probable threats. Most businesses make risk identification, assessment, and
mitigation a high priority. There is a specific type of threat today for which
many companies. Information security is a serious problem for individuals and
organizations because it can lead to unlimited financial losses. Information
systems are exposed to different types of security risks. The types of damage
caused by security threats differ, such as database integrity security
breaches and physical destruction of an entire information systems facility
caused by fire, flood, etc. The sources of those threats can be unwanted
activities of reliable employees, hackers’ attacks, accidental mistakes in
data entry, etc. Information systems are vulnerable because of the
accessibility of networks, hardware problems (breakdowns), software problems
(unauthorized changes and programming errors), disasters, use of networks
outside of the firm’s control, and loss of portable devices (Kenneth C.
Laudon, Jane P. Laudon, 2018). Risks arise easily because the Internet is a
network open to anyone; its size means abuses can have wide impact; the use of
fixed Internet addresses with cable and DSL modems creates fixed targets for
hackers; and there are unencrypted VoIP, interception, and e-mail attachments
with malicious software. Security is breached easily because radio frequency
bands are easy to scan. SSIDs (service set identifiers) identify access
points, are broadcast multiple times, and can be identified by sniffer
programs. In war driving, eavesdroppers drive by buildings and try to detect
SSIDs and gain access to the network and resources. Once an access point is
breached, an intruder can gain access to networked drives and files.

Malware (malicious software) such as viruses and worms can operate on their
own without attaching to other computer program files and can spread much more
rapidly than computer viruses. Worms and viruses spread by drive-by download
and destroy data and programs as well as disrupt or even halt the operation of
computer networks. Malware can come with a downloaded file that a user
intentionally or unintentionally requests, or through e-mail and IM
attachments. Hackers can request malicious files without user intervention,
delete files, transmit files, install programs running in the background to
monitor user actions, and potentially convert a smartphone into a robot in a
botnet to send e-mail and text messages to anyone. There is also mobile device
malware and social network malware.

Hackers and crackers cause intentional disruption, defacement, or destruction
of a website or corporate information system, and gain unauthorized access by
finding weaknesses in the security protections employed by Web sites and
computer systems. Hackers flood a network server or Web server with many
thousands of false communications, or use spoofing to redirect a Web link to
an address different from the intended one. It is very damaging and difficult
to detect. These are an extremely serious threat because they can be used to
launch very large attacks using many different techniques. Computers may be
targets of crime, as in breaching the confidentiality of protected
computerized data, and computers may be instruments of crime: theft of trade
secrets; unauthorized copying of software or copyrighted intellectual
property, such as articles, books, music, and video; schemes to defraud; using
e-mail for threats or harassment; intentionally attempting to intercept
electronic communication; illegally accessing stored electronic
communications, including e-mail and voice mail; and transmitting or
possessing child pornography using a computer. Hackers may aim at identity
theft, using information to obtain credit, merchandise, or services in the
name of the victim, and at phishing, evil twins, pharming, click fraud,
cyber-terrorism, and cyber-warfare. The sources of threats can be inside or
outside the attacked system. Organizations and their security systems are
usually focused on protecting themselves from threats that originate outside
the system. Threats coming from inside are often not considered. Because this
makes it possible to determine from what we are protecting the information
system, it is possible to use limited resources more efficiently.



Organizations have very valuable information assets to protect. Poor security
and control may result in critical legal liability. Failed computer systems
can lead to significant or total loss of business function. Businesses must
protect not only their own information assets but also those of stakeholders.
An organization can be held liable for unnecessary risk and harm created if
it fails to take appropriate protective action to prevent loss of confidential
information (Kenneth C. Laudon, Jane P. Laudon, 2018). Security threats come
not only from outside the organization but also originate inside it. A
security breach may cut into a firm’s market value almost immediately.
Information system controls may be automated or manual controls unique to each
computerized application. To protect its information systems, an organization
determines the level of risk to the firm if a specific activity or process is
not properly controlled, considering types of threat, probability of
occurrence during the year, potential losses, value of threat and expected
annual loss. It ranks information risks, identifies acceptable security goals,
and identifies mechanisms for achieving these goals. It sets up policies,
including an acceptable use policy (AUP).

The primary attack technology may or may not cross the firewall as the attacks
are perpetrated. Examples of external threats include socially engineered
attacks, executive impersonations, brand-based attacks with ransomware,
malware, or other payloads, rogue social domain activity, activism and
activities which violate compliance or regulatory requirements. Technology
isn’t the only source of security risks. Psychological and sociological
aspects are also involved (Ponemon Institute, July 2016). Management sets
rules for identifying valid users and controlling access in order to prevent
and respond to cyber attacks and data breaches. It should monitor the
occurrence of possible cyber attacks and set up policies and procedures for
employees to follow, depending on each business unit, such as IT, Human
Resources, and Legal. The organization should invest in security equipment and
procedures to deter or prevent cyber attacks. These include the most
up-to-date IT protection measures, for example: having the company’s database
on a different web server than the application server, applying the latest
security patches, protecting all passwords, using read-only views of documents
and materials when possible, maintaining strict input validation, developing
network security architecture, monitoring activities and procedures of
third-party contractors with access to the computer system (whether direct or
remote), performing network scans to assess activity on the network, comparing
outbound network traffic to baseline operations, and choosing names for tables
and fields that are difficult to guess.

Other measures are continuously monitoring the company’s computer logs to
discover any incidents, creating a database to track all reported incidents,
and creating a risk rating to classify all reported incidents as low, medium
or high risk to facilitate an appropriate response.

If an organization faces a systems breakdown, it should make a disaster
recovery plan that devises plans for the restoration of disrupted services and
focuses on restoring business operations after a disaster. It should assess
the financial and organizational impact of each threat by auditing. After
analyzing and planning, it should audit and control its information systems
and information systems security. The most important tools and technologies
for safeguarding information systems are identity management software,
authentication, firewalls, intrusion detection systems, antivirus and
antispyware software, unified threat management (UTM) systems, Wired
Equivalent Privacy (WEP) security, and the Wi-Fi Protected Access (WPA2)
specification. In recent years, new and increased use of technologies such as
mobile devices, social media and cloud computing has increased the risk posed
by cyber criminals. Two methods of encryption are symmetric key encryption and
public key encryption. Firms must ensure providers provide adequate protection
and need to include key factors in service level agreements (SLAs) before
signing with a cloud service provider, to ensure security in the cloud.
Security policies should include and cover any special requirements for mobile
devices. Any attacks should be quickly contained and any financial and
reputational harm minimized. Some companies delegate responsibility for
computer systems security to their chief information officer, who is usually
responsible for protecting access to a company’s information technology (IT)
system and the privacy and security of information on that system.

An individual or organization may receive threats from individuals claiming to
have hacked its website or computer systems and offering to return stolen
confidential information in exchange for money or property. Companies can
determine whether the extortionist has done what he claims by isolating areas
that may be affected to determine if they have been compromised, and can
determine the feasibility of restoring critical systems where a denial of
service attack affects critical infrastructure. This includes assessing
whether restoring service will negatively affect collecting evidence in the
investigation. Companies should document all aspects of the investigation and
secure and preserve all evidence, including logs of critical system events.
According to NTT Group (2016), if 77% of organizations lack a recovery plan,
then maybe their resources would be better spent on preventive measures. This
way, companies can detect the attack in its early stages, and the threats can
be isolated and managed more effectively. The cyber incident response plan
should address the recovery of the company’s computer systems by both
eliminating the vulnerabilities exploited by the attacker and other identified
vulnerabilities, and bringing the repaired systems back online. If systems are
restored, management should determine what cyber security management
improvements are needed to prevent similar incidents from happening again.
Management should evaluate how the response team executed the response plan
and consider whether the cyber incident response plan can be improved.

Where an internal investigation leads to evidence of the
attacker’s possible identity, companies should consider preparing formal referrals
to law enforcement for possible criminal prosecution. Companies considering
this course of action can retain white collar crime or intellectual property
counsel to guide them through the investigation, referral and criminal
proceedings. The outcome of a criminal prosecution may depend on the
company’s ability to provide evidence and testimony. Companies should
therefore be prepared to help the prosecutor present complex computer crime
evidence to a judge and jury.