There is a new movement in many organizations called "Bring Your Own Device". Many employees want to be able to bring their own laptop (iPad, tablet) to the workplace, connect to the company’s intrane

MBA 5401, Management Information Systems 1

Course Learning Outcomes for Unit V

Upon completion of this unit, students should be able to:

10. Explain important information systems compliance and security considerations.
10.1 Describe the business value of information systems security and compliance.
10.2 Explain how an organization’s information systems are vulnerable to internal and external threats.
10.3 Explain the use of technology tools within an organization’s security and control framework.

Reading Assignment

Chapter 8: Securing Information Systems

Unit Lesson

Information Systems Security

How does security fit into the IT infrastructure? Most people understand the value of having a secure working environment. Not only is information technology (IT) concerned with the physical security of its assets (e.g., laptops, computers, printers, servers), but it also has to be concerned with virtual security. Here are some questions to ask ourselves:

- How do we keep our biggest asset, our data, safe from thieves?
- How do we control access to our systems and keep the hackers out?
- How do we keep our networks safe from an attack so that we can maintain business continuity?
- How can we possibly keep up with all the risks?

Organizations today are constantly dealing with these issues. Networks are segmented to allow access only to those who need it. Firewalls are installed, and antivirus software (as well as other types of security applications) has to be kept up to date. Vulnerabilities can come from the Internet in the form of a Denial-of-Service attack. Email can contain bad attachments. We have all heard of malware. Malware is malicious software and includes viruses, worms, Trojan horses, SQL injection attacks, ransomware, spyware, and keyloggers. Thieves and hackers are developing new ways to hack into systems all the time.
Ask any large company’s security professional, and they will tell you that people are sniffing their networks every day looking for vulnerabilities. Security threats can come not only from the outside but also from the inside. Think of the disgruntled employee who wants to sell the company’s latest trade secrets. Think of the employee with a gambling addiction who wants to figure out a way to skim money from the company. Some employee threats are not even malicious. A software developer may accidentally introduce a vulnerability into the system by not building the correct security into an internal software application.

So, what is the business value in maintaining secure systems? Most of us have some sense of the answer to this question. Think of recent news items, such as the Target credit card breach. For one thing, it is just plain bad publicity, not to mention that it allowed people’s money to be stolen. The hard truth is that breaches like the one Target had can cost companies millions of dollars. All that stolen money has to be paid back.

Credit cards have to be replaced, which comes with a large fee from the bank. There are fines that have to be paid as well. The company is ultimately liable and has to pay all of those charges.

UNIT V STUDY GUIDE: Security and Compliance

The compliance or business value side of this involves Sarbanes-Oxley for record retention and data integrity. The credit card part includes payment card industry (PCI) compliance. If you do not pass PCI compliance, then as a business, you will not be allowed to take credit cards. The Gramm-Leach-Bliley Act of 1999 also calls for security and confidentiality of data. I am sure we have all heard of the Health Insurance Portability and Accountability Act (HIPAA), which deals with medical security and privacy. Businesses have to adhere to governmental laws for data security, or they will find themselves in a legal predicament. Legal predicaments mean just one thing to most organizations: “This is going to cost us money.” For this reason, companies in the last ten years or so have added security and compliance to their ongoing strategic initiatives. Many companies will hire outside risk-assessment teams to evaluate their potential physical and virtual risks. This also means adding yet another item to the annual budget. Nowadays, organizations need security teams and security software that will monitor systems and either detect or prevent threats. Email and Internet usage have to be logged, and network activity has to be monitored and logged. Not only is that software costly, but it needs servers and databases to store that data and the applications that accompany it. From a legal standpoint, a company has to be able to respond to any legal request for information. Electronic records management is very important to contingency planning.

What are information system controls and how do you manage them?
According to Laudon and Laudon (2016), “even with the best security tools, your information systems won’t be reliable and secure unless you know how and where to deploy them” (p. 321). The organization has to know where its risks and vulnerabilities are located. Security controls need to be put in place to protect your data and your systems. Organizations also have to develop security policies. Along with security policies are acceptable use policies, which define the acceptable use of company information-based assets and computing equipment. There are many different types of information systems controls. All of these controls and policies make up an organization’s security framework. There are general controls, software controls, and data controls. One popular data control deals with backing up servers and databases. Server administrators will usually back up servers with some type of snapshot technology. The database administrators will back up the data, and how long and where those backups are kept is a matter of controls and company policy.

In addition to an organization’s policies and controls, there will usually be an internal and an external auditing function. Internal auditors try to catch any security and control issues before the external auditors are let loose. Amazingly, an organization is required to hire external auditors to (hopefully) put their stamp of approval on the organization’s systems, controls, documentation, and procedures.

Other parts of risk assessments, controls, and policies include disaster recovery and business continuity. Disaster recovery involves the creation and implementation of a plan to restore the IT side of the business when there has been some type of disruption. A server that fails may fail over to a server housed in a data center in another city. The disaster recovery center will likely be an exact duplicate of the existing operational data center.
A business continuity plan will hold all of the information pertinent to getting the business up and running again in case of emergency. Can you see how disaster recovery and business continuity go hand-in-hand? Many of these topics are discussed in much more detail in Chapter 8 of your textbook.

Reference

Laudon, K. C., & Laudon, J. P. (2016). Management information systems: Managing the digital firm [VitalSource Bookshelf version] (14th ed.). Retrieved from https://bookshelf.vitalsource.com/#/books/9780133898309/

Suggested Reading

What does PCI really mean for a business or corporation? This supplemental journal article discusses real-world PCI requirements and compliance in a business setting. In order to access the resource below, you must first log into the myCSU Student Portal and access the Business Source Ultimate database within the CSU Online Library.

Willey, L., & White, B. J. (2013). Teaching case: Do you take credit cards? Security and compliance for the credit card payment industry. Journal of Information Systems Education, 24(3), 181-188.

Learning Activities (Non-graded)

Read the article “Teaching Case: Do you take credit cards? Security and compliance for the credit card payment industry” found in the CSU Online Library. Write a brief one-page summary and critique of the article.

Do you think that the PCI requirements are too complex and stringent for most businesses? In addition to the textbook, you may use external sources or select sources from the CSU Online Library. Be sure to reference and cite all sources used with proper APA formatting. As this is a non-graded activity, this work cannot be uploaded to Blackboard. If you would like your professor’s feedback on your work, send this document to them in an email with a note that you would like to receive feedback on your non-graded activity.