- Security & Control in MIS
- Latest Security Issues
- Ransomware Attacks
- Enterprise-class Spyware
- IoT-based Attacks
- Distributed Denial of Service Attacks (DDoS)
- Insider Threats
- Password Cracking
- Information Breaches & Data Loss
- Impact of Security Issues
- Set of Countermeasures
- Administrative Controls
- Logical & Technical Controls
- Physical Controls
- Recommendations & Conclusion
The report analyses the security and control aspects of MIS. It covers the various security issues that may arise in association with MIS and their impact on business organizations. The report also highlights the set of countermeasures that shall be used to prevent and control such issues.
One such drawback is the set of security issues that have been observed in association with MIS. The report discusses the latest security issues and the control measures that have been developed for Management Information Systems.
Security & Control in MIS
Latest Security Issues
Management Information Systems (MIS) comprise data sets and information that include confidential, critical, sensitive, public, and private data.
Ransomware Attacks
Ransomware attacks are becoming increasingly frequent in MIS, as these systems are essential for business continuity. The malicious code enters the MIS through a file downloaded by a system user or through a vulnerability present in the network. The business units are then required to pay a ransom to unlock the system.
Enterprise-class Spyware
Spyware is software designed to capture system activity without the knowledge of the system user. This information is then shared with unauthorized entities, who may misuse it. Enterprise-grade spyware impacts critical internal applications, such as MIS, to learn the business activities and strategies. These attacks are often carried out by the competitors of a particular organization so that specific business information may be obtained.
IoT-based Attacks
The Internet of Things (IoT) is a technology that is widely used by organizations across the globe. A large number of business units are adopting IoT and other technologies to make sure that they stay ahead of their competitors (Abdur, Habib, Ali & Ullah, 2017).
Many Management Information Systems are included in the IoT-based applications that are implemented in organizations. The security of such applications is often compromised, as information security attacks may become difficult to control in an IoT environment. This is because IoT applications contain varied devices and gadgets, all of which have different security and control requirements. This puts the MIS at risk, and the information sets within these systems may be exposed to unauthorized entities (Mosenia & Jha, 2017).
Distributed Denial of Service Attacks (DDoS)
Information and system availability is put at risk by denial of service and distributed denial of service attacks. DDoS attacks are network security attacks in which a malicious entity acquires control of the network in order to carry out the attack (Yan & Yu, 2015). The Management Information Systems in this case are injected with malware so that they may be connected in a bot-network. In this manner, the attacker gets the ability to control the bots as per the desired action.
After the establishment of the botnet, the attacker can circulate updated instructions by remote control. Once the IP address of an MIS on a network is targeted, all the requests are directed to that particular address, which results in the overflow of its capacity. The regular traffic is multiplied many times over, which results in gradual breakdown of the service. The garbage traffic is redirected to the address to make sure that the availability of the system is adversely impacted.
Insider Threats
These employees may often violate the security and ethical protocols and may misuse the privileges that are granted to them. In the case of Management Information Systems (MIS), a varied set of user roles is defined. Certain users are given the ability to read and write the data, while a few may be allowed to modify it. The MIS stores the business strategies and plans along with the sensitive information associated with the organization (Colwill, 2009). The employees of the organization may misuse these privileges and may transfer the information to competitors or peers for selfish interests and objectives. The impact of such risks and attacks may be extremely adverse for the organization.
Password Cracking
In this manner, the confidentiality and integrity of the data sets may be compromised. There are also cases in which users are not aware of the characteristics of the strong passwords that they must select in order to protect their data and information. Such weak passwords are easier to crack, which gives attackers the ability to easily break into the security of the system.
Information Breaches & Data Loss
Information breaches are common in the case of Management Information Systems as well. Attackers are using newer mechanisms to break the security and privacy of the data sets in these systems. These systems are often accessible over the cloud, which leads to the breaching of the information through network security attacks. There is also a loss of data that occurs during the transfer of information from one place to another (Olavsrud, 2017).
Impact of Security Issues
There are certain business units that deal with critical and extremely sensitive information sets. For instance, there are many regulatory requirements that must be met by financial or healthcare institutions. In case of an information breach or other security attack in such organizations, the impacts may include legal obligations for the organization. There is also a loss of customer trust and engagement that is witnessed with the frequent occurrence of security attacks in an organization.
The brand value and brand recognition of the organization in the market also suffer badly, as competitors take advantage of such a situation.
It therefore becomes necessary to put a check on such security attacks and issues to make sure that the customer base is always maintained and the information sets are always protected.
Set of Countermeasures
Administrative Controls
Technology has made the process of administration, review and audit extremely easy and has also enhanced the accuracy of the results.
Business organizations must make sure that they use the latest technological tools to carry out security audits and reviews. Such tools capture the activity logs of the Management Information Systems along with the other systems and applications that are integrated with them. The tools capture all the activity and automatically highlight the strong and weak areas. In this manner, the organization will get to know about the areas that it must work on so that the overall security architecture may be improved.
It is also necessary to ensure that the security plans and policies are updated at regular intervals as per the latest regulatory norms. Legal policies and procedures often change. The administration of the organization must make sure that the updates are made and are implemented across all the business units (Shamala, Ahmad & Yusoff, 2013).
The methodologies that are followed in the organization for security management and administration also play a vital role. These methodologies provide guidelines to the security managers and administrators on the path that they must follow to control the security issues. However, there is no defined policy that has been created, and it varies as per the nature of the organization. The selection of the methodology must be backed by adequate and effective planning and analysis.
Logical & Technical Controls
Most of the security attacks that take place in association with Management Information Systems involve networks as the primary agent of the threat. There are also other agents involved, such as databases, human resources, storage devices, and many more.
Technical and logical controls provide the business units with the tools and equipment that they may implement for the resolution of security attacks and issues. Ransomware and malware attacks can be controlled and avoided with the aid of anti-malware tools that come with ransomware protection (Rastogi, Chen & Jiang, 2014). These tools block suspicious activities and access to the system and alert the users to them. Suspicious files are also automatically discarded and blocked. Similarly, there are anti-denial tools that have been developed to put a check on denial of service and distributed denial of service attacks.
There are also network control tools that have been developed to make sure that network-based and IoT-based security attacks can be controlled. These tools come in the form of intrusion detection and prevention systems, network monitoring and network scanning tools.
Organizations must also work on the access control mechanisms and the authentication checks that they install in their business units. These access control methods must use the latest in the field, such as role-based or attribute-based methods. Also, the authentication systems must be backed by the use of one-time passwords, biometric recognition, single sign-on, and the like.
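The sketch below is an added example, not part of the original report. It shows the role-based access control recommended above applied to the read, write and modify privileges described under insider threats, with every decision written to an activity log that is then reviewed for repeated denials. The role names, action names and sample requests are assumptions constructed for illustration.

```python
from collections import Counter

# Hypothetical role-to-permission map for an MIS; role and action names are
# assumptions made for this example.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "analyst": {"read", "write"},
    "manager": {"read", "write", "modify"},
}

audit_log = []  # every decision is recorded, allowed or not


def is_allowed(role, action):
    """Deny by default: unknown roles and unlisted actions are refused."""
    return action in ROLE_PERMISSIONS.get(role, set())


def access(user, role, action, resource):
    """Check a request against the role map and record the decision."""
    allowed = is_allowed(role, action)
    audit_log.append({"user": user, "role": role, "action": action,
                      "resource": resource, "allowed": allowed})
    return allowed


def flag_repeated_denials(log, threshold=3):
    """Return users whose denied requests reach the threshold, sorted."""
    denied = Counter(e["user"] for e in log if not e["allowed"])
    return sorted(u for u, n in denied.items() if n >= threshold)


def run_sample():
    """Replay constructed requests and return the users flagged for review."""
    audit_log.clear()
    requests = [  # constructed sample data
        ("alice", "manager", "modify", "strategy_plan"),
        ("bob", "viewer", "read", "sales_report"),
        ("bob", "viewer", "write", "sales_report"),
        ("bob", "viewer", "modify", "strategy_plan"),
        ("bob", "viewer", "export", "customer_list"),
        ("carol", "contractor", "read", "payroll"),
    ]
    for req in requests:
        access(*req)
    return flag_repeated_denials(audit_log)


if __name__ == "__main__":
    print(run_sample())
```

Logging allowed requests as well as denied ones keeps the record usable for the audit reviews described under administrative controls.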
The basic security measures must also be used in the form of firewalls and proxy servers.
Physical Controls
Organizations do not pay attention to physical controls after the development of advanced technical and logical controls.
However, these controls are also essential for organizations to make sure that enterprise applications, such as Management Information Systems, are protected. The presence of surveillance tools and guards at the data centre entry and exit gates must be ensured. The access and identity of employees must also be validated, along with the equipment that they may be carrying with them.
Recommendations & Conclusion
Business organizations handle and process abundant volumes of data in the current times. Information systems, such as Management Information Systems (MIS), provide organizations with the ability to manage the information sets. These are automated systems that are designed to collect, process and manage huge volumes of data to provide the business managers and executives with regular reports. There may, however, be many security attacks that take place in association with the MIS, such as ransomware and other malware attacks, IoT-based security attacks, denial of service and distributed denial of service attacks, password cracking, insider threats, information breaches and data loss. These attacks often lead to adverse impacts on the information sets as well as the organization and the associated stakeholders. The security controls that may be used to avoid such security issues shall include a combination of administrative controls, logical and technical controls, along with physical controls.
MIS and other enterprise applications comprise critical data sets, and it must be ensured that the security of these applications is always maintained by the organizations. The failure to do so can be fatal for the organization and its associated stakeholders.
Abdur, M., Habib, S., Ali, M., & Ullah, S. (2017). Security Issues in the Internet of Things (IoT): A Comprehensive Study. International Journal Of Advanced Computer Science And Applications, 8(6). http://dx.doi.org/10.14569/ijacsa.2017.080650
Collett, S. (2017). Five new threats to your mobile security. CSO Online. Retrieved 11 January 2018, from https://www.csoonline.com/article/2157785/data-protection/five-new-threats-to-your-mobile-security.html
Colwill, C. (2009). Human factors in information security: The insider threat – Who can you trust these days?. Information Security Technical Report, 14(4), 186-196. http://dx.doi.org/10.1016/j.istr.2010.04.004
Harsh, S. (2017). Management Information Systems. Departments.agri.huji.ac.il. Retrieved 11 January 2018, from http://departments.agri.huji.ac.il/economics/gelb-manag-4.pdf
Mosenia, A., & Jha, N. (2017). A Comprehensive Study of Security of Internet-of-Things. IEEE Transactions On Emerging Topics In Computing, 5(4), 586-602. http://dx.doi.org/10.1109/tetc.2016.2606384
Olavsrud, T. (2017). 9 biggest information security threats through 2019. CIO. Retrieved 11 January 2018, from https://www.cio.com/article/3185725/security/9-biggest-information-security-threats-through-2019.html
Rao, R. (2018). Defend Yourself : Introduction to Malware and Countermeasures | TCS Cyber Security Community. Securitycommunity.tcs.com. Retrieved 11 January 2018, from https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/11/04/defend-yourself-introduction-malware-and-countermeasures
Rastogi, V., Chen, Y., & Jiang, X. (2014). Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks. IEEE Transactions On Information Forensics And Security, 9(1), 99-108. http://dx.doi.org/10.1109/tifs.2013.2290431
Shamala, P., Ahmad, R., & Yusoff, M. (2013). A conceptual framework of info structure for information security risk assessment (ISRA). Journal Of Information Security And Applications, 18(1), 45-52. http://dx.doi.org/10.1016/j.jisa.2013.07.002
Yan, Q., & Yu, F. (2015). Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine, 53(4), 52-59. http://dx.doi.org/10.1109/mcom.2015.7081075