So Far So Good

Blogging for me was an interesting experience especially with the sole purpose focusing on Information Systems. I must say I have learnt a lot from my colleges especially their perspectives on similar topics relating to social media and cloud computing which was very interesting. We all have good points on the areas we wrote about which has broadened my horizon on those topics.

Who knows this might be a new hubby of mine where I get to express myself in a way that I can be easily understood with facts and figures. Information systems is a very broad field which is not easily narrowed down but it’s the best field to be involved in as new challenges arise and greater solutions oppose, of cause there must be new challenges in new innovations or inventions however when these barriers surmount the picture is always beautiful.

In terms of collaborative work in my own understanding it gives numerous choices to solving a particular problem. So far so good it has been great.

Information System: What are the Cons

For everything that has a good part, there is also a bad or ugly side to it, of course information systems has improved the way people approach things. Few examples are:  In the past you had to drive for miles to your favorite retail store to purchase an item, but now all you need to do is order for any item via any supported device and it would be delivered to your door. Another example is long distance communication where it took days for letters to be delivered from person A to Person B to communicate, we first had the email but now we have different types of instant messaging Platforms or applications available at our disposal. These are few of the numerous innovations in the world today.

Now let’s face the few impacts of these innovations, I remember in my digital innovation module when we were asked to re-imagine the high streets as it was beginning to look like a long deserted street where nothing happens at all, we had to first of all identify the problem why the streets of the UK where looking like that, well it was quite simple most retail organisations closed down as customers no longer patronised them because majority of what customers want could be purchased online.

Empty shops and commercial properties

Major Retailers like Littlewoods and Very once had stores in different locations across the UK but now they can only be accessed online as they have changed their mode of retailing to only online retail system which requires them to own warehouses in specific locations and a data centre were they manage all their transactions. I would say that many people who are not up to date on information technology have lost their jobs because they cannot seem to fit into the upcoming digitalized world we live in today.

For a minute lets imagine a scenario where there is an outage in the transportation industry maybe it is compromised by a group of hackers, what happens? Would it be like the issue Sony suffered?  Hopefully we don’t get to experience a situation like that in the nearest future.

In the name of Innovation individuals and organisations with ulterior motives steal people’s personal information for their selfish intents through numerous means. There is more that can be said lets think on the other side of information systems.

My Reflection on Terms and Condition may apply and CitizenFour : Protecting Your Personal Information

Enlightenment of any situation makes it possible for people to make at least 80% correct decisions. On my blog I have spoken about privacy in different spheres but I have not made recommendations on how to protect personal information online or otherwise.

I had the opportunity over the weekend to speak to an information security expert after seeing the Terms and Condition may apply and CitizenFour documentaries. This was his opinion on protecting one’s personal information.

He specified that it is important that people understand the risks involved when they allow certain information about themselves to be shared in anyway, he stated that personal information should only be shared amongst known friends and family only and not on social media sites. He specified that as much as possible people should use less data online if they want to have a private life which they want to live.

Key Issues we spoke about were and agreed on as manageable precautions were:

Protection of one’s self online (i.e. using as less personal data as possible).

  1. The ability to leave as little as possible digital trails (e.g. was the London bus payments and limiting the use of Credit or Debit cards all the time).
  2. Reading online user agreement before any consent.
  3. Encryption of email messages.
  4. Encryption of VIOP calls.
  5. Do not open Spam Mails.
  6. Do not make use of unverified websites.
  7. Check the permissions the apps you are about to use is requesting for.
  8. Stay Updated on the latest treats to Personal information out there.

The context of terms and condition offered by most organisations are too long and people never have the time to read them. Governments have a role to play in this context as they need to specify a law to organisation stating that the terms and conditions should be short and clear to whoever is going to read and agree to it. The wall street journal specified that customers lose up to 250 Billion Dollars each year due to what is written in the terms and conditions of most organisations.

I would definitely encourage us all to see these documentaries as they would help in enlightening us.

Minimizing security Breaches in Organisations Via Social Engineering

Due to the amount of security threats out there many organisations who felt reluctant in spending a good amount of money to improve the security system of their organisation have changed because of the recent information of the impact of a security breach to multinational organisations or rival organisation via different means. An example is the Sony security breach incident where hackers where able to infiltrate the security system of Sony gaining access to the personal information of Sony’s customers.

Let’s face some facts here carrying out a proper risk assessment (identification and analysis of the threats, vulnerabilities and risks to any given organisation) the security system of any organisation should be managed properly. Risk assessment involves 7 Major steps shown below:

  1. Identifying the assets; compiling all the assets in the organisation, which can be done using the asset register. These assets would have an asset number, location, type etc.
  1. Classifying the assets; this classification is based on the asset value. Some assets might have high business value but low financial value and vice versa.
  1. Identify the threats and vulnerabilities in the assets. This information could be found from past experiences, basic information about the organization or from public sourceslike the Internet.
  1. Identify the impacts on the organisation if these threats interact with the vulnerability.
  1. Identify the probability and frequency with which these incidents occur in the organization.
  1. Identify the impact factor, which relates to the seriousness of these impacts.
  1. Identify the risk factor, which is the probability and frequency multiplied by the impact factor.

After a risk assessment is carried out properly an organisation then chooses one risk assessment methodology which suites their organisation which might be CRAMM (CCTA Risk Analysis and Management Method), OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), NIST (National Institute of Standards and Technology) or COBIT (Control Objectives for Information and Related Technology).

When a suitable risk Methodology is chosen for an organisation it is followed by a risk framework (which determines the impact factor of a threat to an organisation), asset classification (classification of assets in an order of importance to the organisation) and risk rating (the chances of a particular risk to an organisation occurring)

 

Most Organisations successfully carry out these risk assessments implementing the necessary security measures required but they fail to educate their employees on their impact of failing to adhere to set rules by the organisation in order to keep their business running. The Video above says it all. Some authors would say people are the weakest link when it comes to managing the security system of any organisation.

Aagedal, J., Oslo den Braber, F., Dimitrakos, T., Gran, B., Raptis, D., & Stolen, K. (2002).

Modelbased Risk Assessment to Improve Enterprise Security. Enterprise Distributed Object Computing Conference, 2002. EDOC ’02. Proceedings. Sixth International. IEEE Xplore.

Alberts, C. J. (2003). Managing information security risks: the OCTAVE approach. Addison-Wesley

Professional.

Alberts, C., & Dorofee, A. (2001). An Introduction to the OCTAVESM Method. Retrieved december

10, 2012 from http://www.cert.org/octave/methodintro.html

Australia, G. o. (2010). Event safety Risk assessment. Event safety Risk assessment sheet .

The IT Governance Institute. (2004). COBIT student Book. COBIT student Book

 

CRAMM. (2011). How CRAMM Works. Retrieved december 6, 2012 from http://www.cramm.com:

http://www.cramm.com

Panda, P. (2009). The OCTAVE Approach to information Security Risk Assessment. Retrieved

december 11, 2012 from http://www.isaca.org

Greene, Tim. ‘Worst Security Breaches Of The Year 2014: Sony Tops The List’. Network World. N.p., 2015. Web. 11 Mar. 2015.

Tesco Scan as you Shop

Has anyone noticed the Scan as you shop device which is currently offered by Tesco, I have used the device which is very good and easy to use for people who want to avoid the long annoying queues at the supermarket and it also helps individuals with a specific budget to avoid removing or returning items at the point of payment. This device which requires a Tesco club card with some personal information to utilize can be found at the entrance of the store, which makes shopping more fun for people who love going into stores to shop for items (retail shopping therapy), maybe in the nearest future other retail stores would adopt this new system being offered by Tesco.

The Best Way of Storing Information

Cloud Storage

I remember a few years ago when owners of personal computers were afraid of losing their data through hard disk malfunction, theft, virus and malware. People made use of the available backup storage devices which was expensive to purchase to back up their data. These back up devices could also be lost or stolen and even damaged in many ways, sometimes the size of data for backup determined the size of backup storage a user had to purchase.

Looking at Large organisations which large amount of data to backup was very expensive and not easy to maintain, a breakthrough came to be when people could save their data over the web for free at a particular capacity (Dropbox 2GB and Google Drive 15GB) and could be accessed anywhere with real-time updates, Individuals or organisations who needed more backup storage space did it at a very low cost when compared to the conventional methods which had numerous threats and vulnerability.

A bigger picture came to be as organizations invested in procuring large amount of storage devices for managing and storing the data of individuals and organisations which was and is a great idea. Today large organisations are changing their storage and back-up systems to the cloud as it is reliable and cost effective.  Further developments evolved from just storing data online to paying for software services online to manage an organisation system by a service provider. Another option was developing applications or software’s on the cloud for an organisation and the last option is purchasing large amount of storage space from a cloud service provider to manage the entire information system of an organisation. I believe there is more that can be achieved from the cloud management system, who knows the next innovation that might come to be.

Research Made Easier

Solar

SOLAR

The effective system of accessing numerous amounts of books online is a great attainment. A student, lecturer or a researcher can easily access any article or book online via SOLAR database on the University of Salford website which groups information accurately according to the different categories

Although scholars still read hard copy books, I can say it is more convenient for me as a person to search for information online as I can assess multiple information from my personal computer at home or my mobile device via SOLAR.

I would say it is great as it gives people access to books, journals, newspapers, and DVDS by just searching for a topic or word allowing people to streamline what they are searching for narrowing everything properly and adequately.