Countermeasures White Paper

The use of the internet, telecommunication system and telecommunication technologies have risen at a high rate in the recent past with the increase in technological advancements. As a result, the use of the technologies and systems has made organizations and companies be vulnerable to network threats and risks that lead to organizational loss of information (Gordon, Fairhall, & Landman, 2017). The organizational networks systems can be subverted or infiltrated in many ways thus, causing vulnerability and threats to organizational information system security. The threats result either internally or externally in a company or an organization (Hwang & Cha, 2018). As a consequence, this paper explains why organizations or companies need to have a good understanding of threats that their information security systems are exposed to so as to take desirable measures to protect their information. The countermeasures for threats discussed in this paper include accidents, vandalism, accidents, computer viruses, sabotage, theft, and unauthorized access. 

Classification of the threats in a probability-impact matrix

		Impact
		Trivial	Minor	Moderate	Major	Extreme
Probability	Rare				Sabotage
Unlikely				Vandalism	Theft
Moderate					Unauthorized Access
Likely				Accidents	Computer virus
Very likely

From the probability-impact matrix, it is evident that all the threats pose major to extreme impacts when they occur in an information management system. All the threats result in loss or damage of information, which is detrimental to any organization. When information is damaged or lost, it leads to loss of confidentiality and rivals can access the information and use it against the company. When data is damaged, it means that the system will produce faulty information, which can mislead the company. However, the six risks have a varying probability of occurrence from unlikely to likely. 

Sabotage, vandalism, unauthorized access, and theft have a low probability of occurrence because in rare cases employees have malicious intentions to an organization unless they are disgruntled. In addition, it is hard for business rivals to gain access to the system of a rival company to have access to information that they may use against the rival in the market. However, although the three threats have a low probability when they occur they lead to adverse effects to a company because information can be lost and damaged leading to loss of profitability and customer base in the market. Malicious use of information can also destroy the hard built reputation of a company making it lose its customers’ trust. 

Solutions to the threats to information management systems

Today, cybercrime has become a big business where hackers can steal information like personal details, credit card information, and financial details among other credentials (Kurcheeva et al., 2017). As a result, companies need to have a system that protects it from malicious attacks both inside and outside the organization, to ensure that it keeps its data and information safe. First of all, a company should ensure that it appoints an information security officer and evaluate its existing information security policy (Patrick & Van, 2018). Information security officers should be given sufficient training with regards to organizational system to ensure that they can monitor systems’ operation and detect and debug errors and viruses. Evaluation of the existing system is also vital because it ensures that it meets the organization’s current needs. 

Moreover, City Group should ensure that it offers information security training and improves its rates of incidence response. Information security will help City Group to combats the threats to its information security. Therefore, employee training is necessary to ensure that all employees are well versed with information security across the organization (Patrick & Van, 2018). In addition, when City Group’s rate of response increases, it means that the speed at which attacks are reported is high. Consequently, the damage may be reduced or stopped before occurring. With regards to computer viruses, companies should ensure that they install antivirus software in their computers, servers, and laptops (Pałęga & Knapiński, 2018). Moreover, when employees can access the server remotely, their computers should have antivirus software installed in them to prevent information loss and corruption of data files (Patrick & Van, 2018). Along with that, the antivirus should be always updated and have a system, which monitors and ensures that computers accessing the server have updated anti-viruses. Moreover, companies should employ firewalls to protect their networks and filter all email traffic because computer viruses are spread in the form of emails.

Lastly, City Group should ensure that its systems are consistentlhttps://www.solutionessays.com/information-systems-security/y monitored and improved. New threats and new virus are manufactured on a daily basis. Therefore, monitoring the system ensures that it provides all solutions to attacks and if it can, the system is improved and upgraded to meet the required standards (Frey-Pučko, 2018). City Group should keep abreast of current trends and improvements in the information security technology.

Information security is a critical issue to organizations and individuals because it leads to huge financial losses. Threats are situations that may accidentally or deliberately exploit system vulnerabilities resulting in incidents of information security risks. Computer viruses, sabotage, theft, unauthorized access, vandalism, and accidents are the six threats that City Group’s information system is exposed to both internally and eternally. To overcome these threats, the company should employ an information system officer and ensure that it has an antivirus installed and updated in its servers and computers. In addition, the company should create information system awareness among all its employees, improve the rate of incidence reporting, and consistently monitor and improve the system. With the measures in place, the company will be in a position to combat threats and prevent the financial losses associated with these threats.

References

Dobrovoljc, A., Trček, D., & Likar, B. (January 01, 2017). Predicting exploitations of information systems vulnerabilities through attackers’ characteristics. Ieee Access, 5, 26063-26075.

Elmasri, R. (2008). Fundamentals of database systems. Pearson Education India.

Frey-Pučko, M., Kos, A., & Pustišek, M. (January 01, 2018). Security risk evaluation methods in IoT. The Ipsi Bgd Transactions on Internet Research, 14, 1, 8-12.

Gordon, W. J., Fairhall, A., & Landman, A. (January 01, 2017). Threats to Information Security – Public Health Implications. The New England Journal of Medicine, 377, 8, 707-709.

Gulaj, V. V. (January 01, 2017). Responding to threats to information security of Ukraine under the hybryd [!] war started by the Russian Federation: Risks for state, society, and man. Konflikt Hybrydowy Na Ukraine: Aspekty Teoretyczne I Praktyczne, 131-140.

Hwang, I., & Cha, O. (April 01, 2018). Examining technostress creators and role stress as potential threats to employees’ information security compliance. Computers in Human Behavior, 81, 282-293.Kurcheeva, G. I., Denisov, V. V., Khvorostov, V. A., & International Conference on Information Technologies in Business and Industry 2016. (January 01, 2017). Threats to information security in a highly organized system of the “smart city”. Journal of Physics: Conference Series, 803, 1.)