StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements - Coursework Example

Cite this document
Summary
"Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements" paper purposes actions that include: enhancements to the hiring and promotion processes, implementing a contingency in job appointments, enhancing the sustainability of basic technology…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.1% of users find it useful
Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements
Read Text Preview

Extract of sample "Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements"

Running head: PLAN FOR INFORMATION SYSTEMS Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements While some of the Fort Lauderdale Police Department (FLPD) of Florida's modes of management aim to support the department in its efforts to protect citizens, the policies and procedures to protect its information systems require improvements. The occurrences of manmade and natural disasters along with the ever-rising threat of cyber-terrorism warrants continued development of risk management planning-an established effort to improve guards of information systems (BCF). As it offers added support in plans of action to eliminate or reduce risk (BCF; Wright, 1999), FLPD's Risk Management Division should plan and implement strategies to address imminent, internal, and external threats to information systems. The current use of forethought in risk management planning considers possibilities. However, current considerations should be examined to further scrutinize the consequential effects of internal and external threats. To combat internal and external threats and guard information systems, proposed actions include the following: enhancements to the hiring and promotion processes, implementing a contingency in job appointments, enhancing sustainability of basic technology. Guarding the Information System The interconnectivity of FLPD's Information Systems Unit provides secured information with added convenience. Interconnectivity of the system allows immediate responses to inquiries and eliminates lag time possible from manual efforts to retrieve information (flpd.org). When an emergency call is entered into the Computer Aided Dispatch System (CAD), the CAD instantly checks other databases supported by the ISU and instantly relays dependable and pertinent information. Thus, the efficiency of the ISU aids FLPD's Public Safety Communications Center in its quick responses to the emergency needs of its citizens. Without effective or secured informational systems, however, emergency operations may lack proficiency in their efforts to respond to citizens' needs. Time is a critical element of rescue efforts. Mishandled minutes or seconds may result in delayed responses, deaths, or even a crisis. One purpose of FLPD's Public Safety Communications Center's information systems is to decrease the opportunity of danger by retrieving dependable information for the purpose of responding to emergency needs of citizens. Not only does the ISU support FLPD's locally operating system, but it is also linked to databases that harbor critical information for other areas. For example, the ISU's informational contribution to Florida Crime Information Center Systems adds pertinent information to The National Crime Information Center Systems (SafirRosetti, 2006). Jeopardy FLPD's centralized information system renders extremely vulnerable. Information systems act as the nucleus of interconnectivity and efficient communication (ISACA). The absence of interconnected systems that work properly disturbs emergency operations. Thus, guarding FLPD's Information Services Division is imperative and requires the implementation of new policies and procedures that begin with the hiring process. Enhancing the Hiring Process The Fort Lauderdale Police Department (FLPD) recognizes the serious role of staff working in the Information Services Division, as it reports that "all personnel are mission critical" (SafirRosetti, 2006, p. 44). Thus, all staff members must be thoroughly screened and periodically evaluated. The police department assesses the credibility of candidates for employment through background checks, a series of interviews, tests, and extensive training (ci.ftlaud.fl.us/jobs). For applicants seeking positions within FLPD, the hiring process may seem strenuous or in-depth. For the FLPD, however, the process is the usual application, series of interviews, and/or background checks. Does the fact that an who applicant successfully completes an application, series of interviews, and background check prove his or her worthiness as a genuine applicant-one who has no concealed motives for which to apply Motivations to apply for a job within a police department fall inside a broad range, one that is too far-reaching for an application process to narrow and determine for each individual. Some individuals may seek a dependable job that helps the public. Others may be on the prowl hunting for a channel that provides opportunities to carry out malicious acts. Some individuals seek the most convenient and inexpensive method to destroy certain targets. While the application process may eliminate some applicants not suitable for positions within the police department, it has no definite way of determining the motives of those who appear more suitable. Even the most extensive application, background check, and interview can fail to notice the hidden motives of an individual such as a cyber-terrorist. A cyber-terrorist uses "cyber tools to shut down critical national infrastructures (such as energy, transportation, or government operations) for the purpose of coercing or intimidating a government or civilian population." (Watson, 2002, p.8) Working as part of a police department would not only provide a suitable disguise as one who helps, but it also provides an ample opportunity for the cyber-terrorist to implement a plan of attack without the department knowing that an enemy lies within. Cyber-terrorists aim to destroy while evading suspicion. For example, Robert T. Morris' 1998 Internet Worm wreaked havoc on numerous computer systems before Morris was pinpointed as the culprit. Even so, Morris' identification, trial, and conviction transpired only because he spoke of his creation to several people. Another cyber-terrorist of the 1980's, the author of the infamous Michelangelo virus, remains unidentified and escaped consequences altogether (Littleton, 1995). The great probability of successfully evading capture coupled with benefit of easily inhabiting restricted areas makes the crime of cyber-terrorism more appealing. Thus, the duty of operating and maintaining restricted informational systems provides a cyber-terrorist ample opportunity and may compel him or her to seek a position within FLPD's Information Systems Division. Unfortunately, a cyber-terrorist can gain access to a restricted area without physical occupancy within the Information Systems Division. The cyber-terrorists' sophisticated abilities enable them to "crack passwords or find a back door route through a security firewall" and show that hackers can easily use a simple act to corrupt data in high technology (Wilmot, 2004, p. 287). As their abilities of sophistication empower them, cyber-terrorists receive the same command over a computer system as a trusted systems manager (Morris, 2005). To combat the internal and external threats of cyber-terrorism, the Risk Management Division should implement new policies with regard to attaining and maintaining new positions and promotions. Contingency of Positions Once an applicant has acquired a desired position with the department, his or her continued job appointment should be contingent upon terms of a 90-day probationary period. The probation should include more frequent observations, additional interviews and evaluations by the supervisors. In addition, observations and evaluations should not be the only means to determine his or her job appointment, proficiency, or promotion. A ten-part phase similar to the probationary period should be required prior to an employee's promotion to the Information Services Division. Thus, the period of approximately five years would allow supervisors to assess the proficiency and trustworthiness of an employee prior to approving any promotions, especially ones to the Information Services Division. To further enhance the contingency process, supervisory positions require attention. The person in charge of managing FLPD's Information Systems Unit (ISU) observes and evaluates staff members who work with the information system (SafirRosetti, 2006). Since managing the ISU entails more duties than observing and evaluating staff members, observations and evaluations provide limited protection for the system. Performing a host of other duties undoubtedly interferes with supervisors' competence while evaluating subordinates. Wilcot (2004) points out the haphazard security of information systems: "In most agencies, security is relegated to someone in the information services (IS) department, who usually has many other duties." (p 291) In other words, the person who manages the ISU and those operating it has added responsibilities that may detract his or her meticulous guard of the system. Though FLPD implement plans to protect the information systems, the potential for internal threats still exist. Therefore it is imperative that supervisors have the sole and single responsibility of performing evaluations. Evaluating supervisors should not be held accountable for any other duties besides protecting the best interest of the information systems. Moreover, the current initiative for information security should create a new position a part from one managing the ISU. The new position should be high in the management hierarchy and occupied by the Director of Information Security Management (Wilcot, 2004). The director's sole purpose should be to evaluate and respond to threats of the information system. Streamlining duties will induce competence among system operators and enhance security of the information system. If enhancements of the hiring process, contingency of job appointments, or creation of the Director of Information Security Management do not completely remove applicants and/or employees with harmful intent, it will at least prolong time before their attaining a position within the Information Services Division. Implementation of the aforementioned strategies would enhance FLPD's current methods that address internal threats with added protection for its information systems. Enhancing Sustainability of Technology Like internal threats, external circumstances also endanger the basic feature components of information systems. Unforeseen events such as natural disasters and terrorist attacks detrimentally affect information systems critical to public safety. Communication within and among agencies at various levels is a critical element of any rescue effort (FRC, 2006; Golden, 2006). However, the attack on September 11, 2001 (9/11) and Hurricane Katrina devastated communication efforts and significantly delayed rescue efforts (FRC, 2006). Thomas Kean, co-chairman of the 9/11 Commission, the First Response Coalition illustrates that the call for action is the same now as it was several years ago: "On September 11, people died because police officers couldn't talk to firemen. And Katrina was a reenactment of the same problem" (FRC, 2006, p. 7). To prevent a repetition of crises caused by 9/11 and Hurricane Katrina, established systems should be enhanced to sustain interconnectivity and interoperability through unforeseen events and/or natural disasters. Since major failures of technology resulted in the 9/11 attack, directing improvements toward ensuring sustainability of basic technology is plausible. To avoid manual restoration of services, however, The Risk Management Division should consider creating a virtual command center for FLPD (Turoff et al, 2003). A virtual command center would continue to utilize the efficiency of basic technology. In the event that the technology is disabled, it could be restored without the human presence at a particular site. As a result, the reinstatement of power and rescue efforts could be expedited. According to Littleton (1995), the versatility of information systems provide systems' operators with multiple opportunities to implement change. Adding a compatible link onto established systems would implement the modification necessary to enhance information systems. Protecting Without Disruption The aforementioned strategies would not only enhance security, but their implementation would also cause little disruption to the established policies and procedures as well as information systems. If implemented properly, the Risk Management Division would succeed in its efforts to support FLPD's responsibility of responding to and providing for the needs of its citizens. References Broward County Florida. Risk management division. Retrieved January 16, 2007, from http://www.broward.org/riskmanagement/welcome.htm. First Response Coalition. (2006, April). The imminent storm 2006: Vulnerable emergency communications in eight hurricane prone states. Retrieved January 19, 2007, from http://www.firstresponsecoalition.org/docs/Hurricance-Interop-Paper.pdf. Fort Lauderdale Police Department. Communications center. Retrieved January 7, 2007, from http://www.flpd.org/commcenter.html. Fort Lauderdale Police Department. Fort Lauderdale Police Department human resources. Retrieved January 7, 2007, from http://ci.ft.aud.fl.us/jobs/employment/info.html. Golden, C. (2006, September). A clear message: As a firefighter at Ground Zero, and now with GSA, Michael Pena pushes for better emergency communications. In Government Computer News. Retrieved January 5, 2007, from InfoTrac OneFile via Thomson Gale: http://find.galegroup.com/ips/printdoc.do&prodid=IPS &userGroupName=lirn_main&doc ISACA: Serving IT Governance Professionals. ISACA overview and history. Information Systems Audit and Control Association. Retrieved January 3, 2007, from http://www.isaca.org/PrinterTemplate.cfmsection=overview_and_History&Template=Co... Littleton, M. J. (1995). Information age terrorism: Toward cyber terror. Retrieved January 13, 2007, from http://www.fas.org/irp/threat/cyber/docs/npgs/terror.htm. Morris, D. A. (2005). Tracking a computer hacker. United States Department of Justice. Retrieved January 8, 2007, from http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm. SafirRosetti (2006) Staffing Study of Fort Lauderdale Police Department. Retrieved January 5, 2007, from http://ci.ftlaud.fl.us/documents/safir_study071505.pdf. Turoff, M., Chumer, M., Van de Walle, B., & Yao, X. (2003). The design of emergency response management information systems (ERMIS). Retrieved January 17, 2007, from http://web.nijt.edu/turoff/Papers/cmcrdesignfinaljitta.html. Watson, D.L. (2002). Congressional testimony: The terrorist threat confronting the United States. The Federal Bureau of Investigation. Retrieved January 8, 2007, from http://www.fbi.gov/congress02/watson020602.htm. Wilmot, R. (Ed.) (2004). Domestic and international terrorism. Boston, MA: Pearson Custom Publishing. Wright, G. C. (1999). Operational Risk Management. Mobility Forum: The Journal of the Air Mobility Command's Magazine. Retrieved January 16, 2007, from Academic Search Premier: http://web10.epnet.com/DeliveryPrintSave.asptb=1&_ug=sid+ABD96D7B-0CD4-4E45-9... Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Considering the Threats and Vulnerabilities of Information Systems: A Coursework, n.d.)
Considering the Threats and Vulnerabilities of Information Systems: A Coursework. https://studentshare.org/management/1500950-considering-the-threats-and-vulnerabilities-of-information-systems-a-plan-for-improvements
(Considering the Threats and Vulnerabilities of Information Systems: A Coursework)
Considering the Threats and Vulnerabilities of Information Systems: A Coursework. https://studentshare.org/management/1500950-considering-the-threats-and-vulnerabilities-of-information-systems-a-plan-for-improvements.
“Considering the Threats and Vulnerabilities of Information Systems: A Coursework”. https://studentshare.org/management/1500950-considering-the-threats-and-vulnerabilities-of-information-systems-a-plan-for-improvements.
  • Cited: 0 times

CHECK THESE SAMPLES OF Considering the Threats and Vulnerabilities of Information Systems: A Plan for Improvements

Data Protection: The Future of Privacy

As information systems are now considered as the fundamental function, every organization acquires information systems for business automation, better customer service, and ROI (return on investment).... However, there is not a single law that states how to handle customer information.... For this reason, organizations sell or trade customer information with business partners and even to third parties.... Likewise, they emphasize more or external security threats rather than internal vulnerabilities....
14 Pages (3500 words) Report

Cybersecurity Threats and the Future of the Internet

The paper "Cybersecurity threats and the Future of the Internet" discusses that cloud computing is subject to an equal amount of external threats like any other modern-day technologies and interfaces.... These threats come in various forms ranging from internal threats and variants to the external forces that are operating outside.... Despite being the most effective means of communication and business operations technology poses numerous threats....
17 Pages (4250 words) Coursework

Information System Security

he purpose of this study is to identify the role of risk management as part of the security model of modern information systems.... or the identification of the risks faced by modern information systems, the researcher identified and presented the most common risks and threats a modern information system faces today and how they have developed over time.... The researcher proceeds with a detailed analysis of the available technologies for risk reduction in information systems....
56 Pages (14000 words) Essay

The Development Information Security

This essay describes increasing trend of digitized information, globalization of markets and resources has accelerated the incident of data loss and security issues.... Consequently, this ever-increasing security threat has led to the development of numerous information security standards.... This security framework provides steps to establish best suited information Security Management System (ISMS) for SMEs....
25 Pages (6250 words) Essay

The US Army and the Cyber Domain

From the paper "The US Army and the Cyber Domain" it is clear that aimed at greater efficiency and soundness in cyberspace activities, the US army has proposed a plan to integrate a program with their international partners so that they can enhance the collective cybersecurity.... It is noteworthy that cyberspace has actually enhanced the operational efficiency of the US Army and has actually increased the convenience of exchange of information.... The knowledge base of the user needs however to be developed further to make the user well acquainted with the possible vulnerabilities....
6 Pages (1500 words) Case Study

Aviation Security and Restore the Public's Confidence in Air Travel

DOT then worked to strengthen security through its modal administrations while simultaneously organizing the new agency to meet the longer-term challenge of implementing security improvements that will not excessively inhibit commerce and travel or interfere with other critical agency missions.... These vulnerabilities included failure to detect threats when screening passengers and their carry-on bags prior to their boarding aircraft and the absence of any requirement to screen checked baggage on domestic flights; inadequate controls for limiting access to secure areas at airports; and failure to secure air traffic control computer systems and facilities....
7 Pages (1750 words) Term Paper

Cyberterrorism: What Is It

The term cyberterrorism does not involve inflicting physical harm it does cause damage to computer programs and systems.... It pertains to premeditated, politically motivated assaults carried out by sub-national groups or clandestine agents which in turn intend to cause chaos and conflict by carrying out a series of attacks to institutions, computer programs, computer systems, and data.... Its function is to monitor threats from various government agencies and analyze them in order to assess whether these would occur or not....
17 Pages (4250 words) Research Proposal

Cyber Criminals and Other Data Security Dangers

As information systems are now considered as the fundamental function, every organization acquires information systems for business automation, better customer service, and ROI (return on investment).... Therefore, securing the systems as well as data communication on the web is essential to protect.... The author popularizes the possibilities of ISO 27001 information Security Management Standard which aims to rectify and mitigate those threats....
16 Pages (4000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us