3 questions to this. All need to be answered in order to receive points: 1. What
ID: 3555395 • Letter: 3
Question
3 questions to this. All need to be answered in order to receive points:
1. What are two important security issues that enterprise systems commonly face? How do these issues threaten information and what high-level steps can a company take to mitigate the effects of these threats?
Defend your claims with material data from credible, appropriate resources that you acquire from the university library. Give strong preference to peer-reviewed sources.
2. What are three common security risks that may arise when developing cross-functional systems? How can these be addressed during system development and system implementation?
Defend your claims with material data from credible, appropriate resources that you acquire from the university library. Give strong preference to peer-reviewed sources.
3. In addition to the hardware and software system components, what are other likely vulnerabilities within an enterprise information system? What makes them tempting targets? How could an attacker exploit them?
Defend your claims with material data from credible, appropriate resources that you acquire from the university library. Give strong preference to peer-reviewed sources.
Explanation / Answer
1.
Threats to security
Enterprise systems are faced with two kinds of threat: people and disasters. People include managers, employees, service personnel, temporary workers, suppliers, clients, thieves, liars and frauds. Disasters include fire, flood, earthquake, civil disturbance and war.
The problem of ascertainment
The difficulty in describing the risk of facing these threats is that we lack proper statistical information about how often different types of damage occur. In statistical work, this difficulty is known as the problem of ascertainment. Most organizations are reluctant to admit, let alone publicize, successful attacks on their information systems. Would you be comfortable putting your money in a local bank after it revealed a million-dollar fraud? Would you use a law firm whose client records had been used for blackmail?
The second part of the ascertainment problem is that even if people were reporting all the computer crimes and accidents they knew about, we would still not know about the crimes and accidents that have not yet been discovered.
You should therefore doubt the accuracy of all statistics about the incidence of damage and threats to information systems.
Having said all that, we still have to explain to managers and others why we want to spend their money on security. The following graph shows rough guesses about the causes of damage to information systems. Think of it as a guide to the industry consensus.
As you can see, the most significant cause of damage is ignorance and carelessness. Fire is a serious threat; water damage often accompanies fires because of fire-suppression systems and fire fighters. Unhappy and dishonest employees account for most of the rest of the damage, with viruses a distant last (and currently only for microcomputers). Outsiders are thought to account for no more than a sixth or so of all damage to information systems.
As usual, Donn Parker has a provocative and original view of these estimates. In a 1990 paper, he argued that, among other points,