Countermeasures White Paper

The use of internet, telecommunication system and telecommunication technologies have risen at a high rate in the recent past with the increase in the technological advancements. As a result, the use of the technologies and systems has made organizations and companies to be vulnerable to network threats and risks that lead to organizational loss of information (Gordon, Fairhall, & Landman, 2017). The organizational networks systems can be subverted or infiltrated in many ways thus causing vulnerability and threats to organizational information system security. The threats result either internally or externally of a company or an organization (Hwang & Cha, 2018). As a consequence, this paper explains why organizations or companies need to have a good understanding of threats that there information security systems are exposed to so as to take desirable measures to protect their information. The countermeasure for threats discussed in this paper include accidents, vandalism, accidents, computer viruses, sabotage, theft, and unauthorized access. 

Classification of the threats in a probability-impact matrix

		Impact
		Trivial	Minor	Moderate	Major	Extreme
Probability	Rare				Sabotage
	Unlikely				Vandalism	Theft
	Moderate					Unauthorized Access
	Likely				Accidents	Computer virus
	Very likely

From the probability-impact matrix, it is evident that all the threats pose major to extreme impacts when they occur in an information management system. All the threats result in loss or damage of information which is detrimental to any organization. When information is damaged or lost, it leads to loss of confidentiality and rivals can access the information and use it against the company. When data is damaged, it means that the system will produce faulty information which can mislead the company. However, the six risks have varying probability of occurrence from unlikely to likely. 

Sabotage, vandalism, unauthorized access, and theft have low probability of occurrence because in rare cases employees have malicious intentions to an organization unless they are disgruntled. Also, it is hard for business rivals to gain access to the system of a rival company to have access to information that they may use against the rival in the market. However low the probability of occurrence is the three threats, when they occur they lead to adverse effects to a company because the information can be lost and damaged leading to loss of profitability and customer base in the market. Malicious use of the information can also tore the hardly built reputation of a company making it loses its customers’ trust. 

Solutions to the threats to information management systems

Today, cybercrime has become a big business where hackers and crackers can steal information like personal details, credit card information, and financial details among other credentials (Kurcheeva et al., 2017). As a result companies need to have a system that protects it from malicious attacks both inside and outside the organization to ensure that it keeps its data and information safe. First of all, a company should ensure that it appoints an information security officer and evaluate their existing information security policy (Patrick & Van, 2018). Information security officers should be given sufficient training with regards to organizational system to ensure that they can monitor systems’ operation and detect and debug errors and viruses. Evaluation of the existing system is also vital because it ensures that it meets organization’s current needs. 

Moreover, City Group should ensure that it offers information security training and improves its rates of incidence response. Information security will help City Group to combats the threats to its information security. Therefore, employee training ensures that all employees are well versed with the information security across the organization (Patrick & Van, 2018). Also, when City Group’s rate of response increases, it means that the speed at which attacks are reported is high. Consequently, the damage may be reduced or stopped before occurring. With regards to computer viruses, companies should ensure that they install antivirus software in their computers, PC, servers, and laptops (Pałęga & Knapiński, 2018). Also, when employees can access the server remotely, their computers hold has antivirus software installed in them to prevent information loss and corruption of data files (Patrick & Van, 2018). Also, the antivirus should be always updated and have a system which monitors and ensures that computers accessing the serve have update anti-viruses. Moreover, companies should employ firewalls to protect their networks and filter all email traffic because computer viruses are spread in form of emails.

Lastly, City Group should ensure that its systems are consistently monitored and improved. New threats and new virus are manufactured on a daily basis. Therefore, monitoring the system ensure that it provides all solutions to attacks and if it can, the system is improved and upgraded to meet the required standards (Frey-Pučko, 2018). City Group should keep abreast of current trends and improvements in the information security technology. 

Information security is a critical issue to organizations and individuals because it leads to huge financial losses. Threats are situations that may accidentally or deliberately exploit system vulnerabilities results in incidents of information security. Computer viruses, sabotage, theft, unauthorized access, vandalisms and accidents are the six threats that City Group’s information system is exposed to both internally and eternally. To overcome these threats, the company should employ information system officer and ensure that it has antivirus installed and updated in its servers, and computers. Also, the company should create information system awareness among all its employees, improve the rate of incidence reporting, and consistently monitor and improve the system. With the measures in place, the company will be in a position to combat the threats and prevent the financial losses associated with the threats. 

References

Dobrovoljc, A., Trček, D., & Likar, B. (January 01, 2017). Predicting exploitations of information systems vulnerabilities through attackers’ characteristics. Ieee Access, 5, 26063-26075.

Elmasri, R. (2008). Fundamentals of database systems. Pearson Education India.

Frey-Pučko, M., Kos, A., & Pustišek, M. (January 01, 2018). Security risk evaluation methods in IoT. The Ipsi Bgd Transactions on Internet Research, 14, 1, 8-12.

Gordon, W. J., Fairhall, A., & Landman, A. (January 01, 2017). Threats to Information Security – Public Health Implications. The New England Journal of Medicine, 377, 8, 707-709.

Gulaj, V. V. (January 01, 2017). Responding to threats to information security of Ukraine under the hybryd [!] war started by the Russian Federation: Risks for state, society and man. Konflikt Hybrydowy Na Ukrainie : Aspekty Teoretyczne I Praktyczne, 131-140.

Hwang, I., & Cha, O. (April 01, 2018). Examining technostress creators and role stress as potential threats to employees’ information security compliance. Computers in Human Behavior, 81, 282-293.

Kurcheeva, G. I., Denisov, V. V., Khvorostov, V. A., & International Conference on Information Technologies in Business and Industry 2016. (January 01, 2017). Threats to information security in a highly organized system of the “smart city”. Journal of Physics: Conference Series, 803, 1.)