Management Information Systems

Abstract

The use of information systems has become essential for organizations today, because they handle and process massive volumes of information on a regular basis. One widely used information system is the Management Information System (MIS). These are automated systems designed to collect, process and manage huge volumes of data to provide business managers and executives with regular reports.
The report analyses the security and control aspects of MIS. It covers various security issues that may arise in association with MIS and their impact on business organizations. The report also highlights the set of countermeasures that should be used to prevent and control such issues.
 
 

Introduction

Information is the most significant and critical asset for any business organization. Organizations must manage huge clusters of information and data sets to make sure that business operations are streamlined. Management Information Systems (MIS) are automated systems designed to collect, process and manage huge volumes of data to provide business managers and executives with regular reports. An MIS works as an integrated business system that allows the organization to improve its decision-making processes. Apart from the abundant benefits offered by MIS, there are a few drawbacks that need to be handled as well (Harsh, 2017).
One such drawback is the set of security issues that have been observed in association with MIS. The report discusses the latest security issues and the control measures that have been developed for Management Information Systems.

Security & Control in MIS

With the increased use and implementation of MIS in organizations, newer forms of security attacks and issues have been observed. The following section highlights some of the latest security issues and describes them.

Latest Security Issues

Ransomware Attacks

Malware attacks are the most common form of security and privacy attack observed, and also the most frequent. However, a new form of malware has been developed, termed ransomware. It is malicious code that gets injected into a system and blocks user access to it. To restore access, the user is required to pay an amount referred to as a ransom. This amount is usually demanded in cryptocurrency, such as Bitcoin. There is also malware that encrypts the entire hard drive of a system, or locks the system and displays a message stating the ransom amount to be paid (Rao, 2018).
Management Information Systems (MIS) hold data sets and information that include confidential, critical, sensitive, public and private data. Ransomware attacks are becoming increasingly frequent against MIS because these systems are essential for business continuity. The malicious code enters the MIS through a file downloaded by a system user or through a vulnerability present in the network. The business units are then required to pay the ransom amount to unlock the system.

Enterprise-class Spyware

Management Information Systems are used by the employees of an enterprise on desktops and laptops provided by the organization as well as on their personal devices. The concept of Bring Your Own Device (BYOD) at work is on the rise and is being adopted by a large number of organizations. This has given employees the ability to access MIS and other enterprise applications on their mobile devices outside of office networks. It has also given attackers the ability to launch enterprise-class spyware against Management Information Systems. The tactic has been successful on operating systems such as Android, iOS and many others (Collett, 2017).
Spyware is software designed to capture system activity without the knowledge of the system user. This information is then shared with unauthorized entities, who may misuse it. Enterprise-grade spyware targets critical internal applications, such as MIS, to understand business activities and strategies. These attacks are often carried out by the competitors of a particular organization so that specific business information may be obtained.

IoT-based Attacks

The Internet of Things (IoT) is a technology that is widely used by organizations across the globe. A huge number of business units are adopting IoT and other technologies to make sure that they stay ahead of their competitors (Abdur, Habib, Ali & Ullah, 2017).
Many Management Information Systems are included in the IoT-based applications implemented in organizations. The security of such applications is often compromised, because information security attacks can be difficult to control in an IoT environment. The reason is that IoT applications contain varied devices and gadgets, and all of these devices and applications have different security and control requirements. This puts the MIS at risk as well, since the information sets present within these systems may be exposed to unauthorized entities (Mosenia & Jha, 2017).

Distributed Denial of Service Attacks (DDoS)

Information sets have specific properties associated with them, such as confidentiality, integrity, availability and privacy. All of these properties are significant and are often targeted by attackers.
Information and system availability is put at risk by denial of service and distributed denial of service attacks. DDoS attacks are network security attacks in which a malicious entity acquires control of the network in order to carry out the attack (Yan & Yu, 2015). The Management Information Systems in this case are injected with malware so that they may be connected into a bot-network. In this manner, the attacker gains the ability to control the bots as desired.
After the botnet is established, the attacker can circulate updated instructions to it remotely. Once the IP address of an MIS on a network is targeted, all the requests are directed to that particular address, which overflows its capacity. The regular traffic is multiplied many times over, which results in the gradual breakdown of the service. Garbage traffic is redirected to the address to make sure that the availability of the system is adversely impacted.

Insider Threats

Many employees work in an organization and are provided with access to the enterprise applications and tools. These employees include internal staff members who may be allocated different sets of roles and responsibilities and may be assigned to various departments of the organization. The use of MIS is necessary for employees all across a business organization.
These employees may violate the security and ethical protocols and misuse the privileges granted to them. In Management Information Systems (MIS), a varied set of user roles is defined. Certain users are given the ability to read and write the data, while a few may be allowed to modify it. The MIS stores the business strategies and plans along with sensitive information associated with the organization (Colwill, 2009). Employees of the organization may misuse their privileges and transfer the information to competitors or peers for selfish interests and objectives. The impact of such risks and attacks may be extremely adverse for the organization.

Password Cracking

This form of security attack has existed for a very long time, and its execution patterns have changed over the years. Management Information Systems are also affected by these attacks, in which an attacker cracks the passwords of the users to gain access to the system. In this attack, the malevolent entity may guess the password and match the guess against the cryptographic hash. The access that is acquired may then be used to capture the data sets or to modify them.
In this manner, the confidentiality and integrity of the data sets may be compromised. There are also cases in which users are not aware of the characteristics of the strong passwords that they must select in order to protect their data and information. Such weak passwords are easier to crack, which gives attackers the ability to break into the system easily.
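The storage side of this problem, as an added example that is not part of the original report: it contrasts an unsalted fast hash, where equal passwords produce equal digests, with per-user salted PBKDF2 and a constant-time check, and adds a simple enrolment policy. The account names, deny list, iteration count and minimum length are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample data: two MIS accounts that chose the same weak password.
ACCOUNTS = {"alice": "Summer2018", "bob": "Summer2018"}
# Constructed deny list; a real deployment would load a much larger one.
COMMON_PASSWORDS = {"password", "123456", "summer2018", "qwerty"}
PBKDF2_ITERATIONS = 600_000  # assumption: tune to the hardware in use


def unsalted_digest(password: str) -> str:
    """Weak storage: fast, unsalted hash. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: per-user random salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)


def is_acceptable(password: str, min_length: int = 12) -> bool:
    """Reject short passwords and deny-listed ones at enrolment time."""
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS


def demo() -> dict:
    """Store the sample accounts both ways and compare the outcomes."""
    weak = {user: unsalted_digest(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: hash_password(pw) for user, pw in ACCOUNTS.items()}
    salt, derived = strong["alice"]
    return {
        "unsalted_collide": weak["alice"] == weak["bob"],
        "salted_collide": strong["alice"][1] == strong["bob"][1],
        "verify_ok": verify_password("Summer2018", salt, derived),
        "verify_bad": verify_password("summer2018", salt, derived),
        "policy_ok": is_acceptable("Summer2018"),
    }


if __name__ == "__main__":
    print(demo())
```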

Information Breaches & Data Loss

The primary objective of the attacker is to breach information security and privacy by means of different forms of security attacks.
Information breaches are common in the case of Management Information Systems as well. Attackers are using newer mechanisms to break the security and privacy of the data sets in these systems. The systems are often accessible over the cloud, which leads to information being breached through network security attacks. Data is also lost during the transfer of information from one place to another (Olavsrud, 2017).

Impact of Security Issues

The new and existing forms of security attacks on the Management Information Systems deployed in organizations often have adverse impacts on the information sets as well as on the organization and the associated stakeholders.
Certain business units deal with critical and extremely sensitive information sets. For instance, financial and healthcare institutions must meet many regulatory requirements. In case of an information breach or other security attack in such organizations, the impacts may include legal obligations for the organization. Frequent security attacks in an organization also lead to a loss of customer trust and engagement.
The brand value and brand recognition of the organization in the market also suffer badly, as competitors take advantage of such a situation.
It therefore becomes necessary to put a check on such security attacks and issues to make sure that the customer base is maintained and the information sets are always protected.

Set of Countermeasures

Business organizations must ensure that they adopt a mix of the following security controls to put a check on security issues and attacks.

Administrative Controls

Technology has made the process of administration, review and audit extremely easy and has also enhanced the accuracy of the results.
Business organizations must make sure that they use the latest technological tools to carry out security audits and reviews. Such tools capture the activity logs of the Management Information Systems along with those of the other systems and applications integrated with them. The tools capture all the activity and automatically highlight the strong and weak areas. In this manner, the organization gets to know the areas that it must work on so that the overall security architecture may be improved.
It is also necessary to ensure that the security plans and policies are updated at regular intervals in line with the latest regulatory norms. Legal policies and procedures often change. The administration of the organization must make sure that the updates are made and implemented across all the business units (Shamala, Ahmad & Yusoff, 2013).
The methodologies followed in the organization for security management and administration also play a vital role. These methodologies give security managers and administrators guidelines on the path that they must follow to control security issues. However, no single defined policy has been created, and it varies with the nature of the organization. The selection of the methodology must be backed by adequate and effective planning and analysis.

Logical & Technical Controls

Most of the security attacks on Management Information Systems involve networks as the primary threat agent. Other agents are also involved, such as databases, human resources, storage devices and many more.
Technical and logical controls provide the business units with tools and equipment that they may implement to resolve security attacks and issues. Ransomware and malware attacks can be controlled and avoided with the aid of anti-malware tools that include ransomware protection (Rastogi, Chen & Jiang, 2014). These tools block suspicious activities and access to the system and alert the users about them. Suspicious files are also automatically discarded and blocked. Similarly, anti-denial tools have been developed to put a check on denial of service and distributed denial of service attacks.
Network control tools have also been developed to make sure that network-based and IoT-based security attacks can be controlled. These tools come in the form of intrusion detection and prevention systems and network monitoring and network scanning tools.
Organizations must also work on the access control mechanisms and the authentication checks that they install in their business units. The access control methods must use the latest approaches in the field, such as role-based or attribute-based methods. The authentication systems must also be backed by one-time passwords, biometric recognition, single sign-on and the like.
Basic security measures in the form of firewalls and proxy servers must also be used.
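The role-based access control and activity-log review described above, as an added example that is not part of the original report: every authorization decision is logged, and a review pass flags users with repeated denied requests or an unusual number of exports. The role names, users, thresholds and sample requests are hypothetical and constructed for the illustration.

```python
from collections import Counter

# Hypothetical MIS roles and users (assumed names, not from the original report).
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "analyst": {"read", "export"},
    "manager": {"read", "write", "export"},
}
USER_ROLES = {"dana": "viewer", "eli": "analyst", "fay": "manager"}

# Constructed sample requests: (user, action, resource).
SAMPLE_REQUESTS = (
    [("dana", "write", "strategy_plan")] * 3
    + [("eli", "export", f"sales_report_{i}") for i in range(4)]
    + [("fay", "read", "strategy_plan"), ("fay", "write", "strategy_plan")]
    + [("zed", "read", "payroll")]  # account with no role assigned
)


def authorize(user, action, resource, log):
    """Role-based check; every decision, allowed or denied, is logged."""
    role = USER_ROLES.get(user)
    allowed = action in ROLE_PERMISSIONS.get(role, set())  # unknown role: deny
    log.append({"user": user, "role": role, "action": action,
                "resource": resource, "allowed": allowed})
    return allowed


def replay(requests):
    """Run requests through authorize() and return the resulting audit log."""
    log = []
    for user, action, resource in requests:
        authorize(user, action, resource, log)
    return log


def review(log, max_denied=2, max_exports=3):
    """Flag users whose denied requests or exports exceed the thresholds."""
    denied = Counter(e["user"] for e in log if not e["allowed"])
    exports = Counter(e["user"] for e in log
                      if e["allowed"] and e["action"] == "export")
    findings = {}
    for user, count in denied.items():
        if count > max_denied:
            findings.setdefault(user, []).append(f"{count} denied requests")
    for user, count in exports.items():
        if count > max_exports:
            findings.setdefault(user, []).append(f"{count} exports")
    return findings


if __name__ == "__main__":
    print(review(replay(SAMPLE_REQUESTS)))
```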

Physical Controls

Organizations tend not to pay attention to physical controls once advanced technical and logical controls have been developed.
However, these controls are also essential for organizations to make sure that enterprise applications, such as Management Information Systems, are protected. Surveillance tools and guards must be present at the data centre entry and exit gates. The access and identity of the employees must also be validated, along with any equipment that they may be carrying with them.

Recommendations & Conclusion 

Business organizations must make sure that they provide their employees with ethical training sessions to help them understand the impacts of security issues and attacks. Updates must also be installed regularly so that security vulnerabilities are resolved. The use of weak passwords by users also makes security attacks easy to carry out. Users must be made aware of the characteristics of strong passwords, along with the other protection measures that they must follow at their end.
Business organizations currently handle and process abundant volumes of data. Information systems such as the Management Information System (MIS) give organizations the ability to manage these information sets. These are automated systems designed to collect, process and manage huge volumes of data to provide business managers and executives with regular reports. However, many security attacks may take place in association with the MIS, such as ransomware and other malware attacks, IoT-based security attacks, denial of service and distributed denial of service attacks, password cracking, insider threats, information breaches and data loss. These attacks often have adverse impacts on the information sets as well as on the organization and the associated stakeholders. The security controls used to avoid such security issues should include a combination of administrative controls, logical and technical controls, and physical controls.
MIS and other enterprise applications hold critical data sets, and organizations must ensure that the security of these applications is always maintained. The failure to do so can be fatal for the organization and its associated stakeholders.

References

Abdur, M., Habib, S., Ali, M., & Ullah, S. (2017). Security Issues in the Internet of Things (IoT): A Comprehensive Study. International Journal Of Advanced Computer Science And Applications, 8(6). http://dx.doi.org/10.14569/ijacsa.2017.080650
Collett, S. (2017). Five new threats to your mobile security. CSO Online. Retrieved 11 January 2018, from https://www.csoonline.com/article/2157785/data-protection/five-new-threats-to-your-mobile-security.html
Colwill, C. (2009). Human factors in information security: The insider threat – Who can you trust these days?. Information Security Technical Report, 14(4), 186-196. http://dx.doi.org/10.1016/j.istr.2010.04.004
Harsh, S. (2017). Management Information Systems. Departments.agri.huji.ac.il. Retrieved 11 January 2018, from http://departments.agri.huji.ac.il/economics/gelb-manag-4.pdf
Mosenia, A., & Jha, N. (2017). A Comprehensive Study of Security of Internet-of-Things. IEEE Transactions On Emerging Topics In Computing, 5(4), 586-602. http://dx.doi.org/10.1109/tetc.2016.2606384
Olavsrud, T. (2017). 9 biggest information security threats through 2019. CIO. Retrieved 11 January 2018, from https://www.cio.com/article/3185725/security/9-biggest-information-security-threats-through-2019.html
Rao, R. (2018). Defend Yourself : Introduction to Malware and Countermeasures | TCS Cyber Security Community. Securitycommunity.tcs.com. Retrieved 11 January 2018, from https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/11/04/defend-yourself-introduction-malware-and-countermeasures
Rastogi, V., Chen, Y., & Jiang, X. (2014). Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks. IEEE Transactions On Information Forensics And Security, 9(1), 99-108. http://dx.doi.org/10.1109/tifs.2013.2290431
Shamala, P., Ahmad, R., & Yusoff, M. (2013). A conceptual framework of info structure for information security risk assessment (ISRA). Journal Of Information Security And Applications, 18(1), 45-52. http://dx.doi.org/10.1016/j.jisa.2013.07.002
Yan, Q., & Yu, F. (2015). Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine, 53(4), 52-59. http://dx.doi.org/10.1109/mcom.2015.7081075
