Information Technology for Managers
Added on 2023-04-21
23 Pages6894 Words51 Views
Running head: INFORMATION TECHNOLOGY FOR MANAGERS
Information Technology for Managers
Name of Student-
Name of University-
Author’s Note-
Information Technology for Managers
Name of Student-
Name of University-
Author’s Note-
1INFORMATION TECHNOLOGY FOR MANAGERS
Table of Contents
1. Introduction..................................................................................................................................2
2. Description of the Organization...................................................................................................4
3. Literature Review........................................................................................................................5
3.1 Definition of Information Security System...........................................................................5
3.2 Concepts of Information Security..........................................................................................6
3.3 Organizational Security Policy..............................................................................................9
3.4 Benefits of Network Security:.............................................................................................10
3.5 Need of System security......................................................................................................10
4. Security Attack on Uber............................................................................................................12
4.1 Cause of Attack....................................................................................................................13
4.2 Impact on Organization.......................................................................................................14
5. Mitigation process for Information Security.............................................................................14
6. Conclusion.................................................................................................................................16
References......................................................................................................................................19
Table of Contents
1. Introduction..................................................................................................................................2
2. Description of the Organization...................................................................................................4
3. Literature Review........................................................................................................................5
3.1 Definition of Information Security System...........................................................................5
3.2 Concepts of Information Security..........................................................................................6
3.3 Organizational Security Policy..............................................................................................9
3.4 Benefits of Network Security:.............................................................................................10
3.5 Need of System security......................................................................................................10
4. Security Attack on Uber............................................................................................................12
4.1 Cause of Attack....................................................................................................................13
4.2 Impact on Organization.......................................................................................................14
5. Mitigation process for Information Security.............................................................................14
6. Conclusion.................................................................................................................................16
References......................................................................................................................................19
2INFORMATION TECHNOLOGY FOR MANAGERS
1. Introduction
With the increasing use of internet and with the wide use of telecommunication
technologies as well as systems, the rate of using the technologies has become more intense.
With the increasing use of internet and technologies, the vulnerabilities have also increased in
the companies and organizations by using the advance modern technologies. The networks that
becomes vulnerable mostly gets infiltrated or gets subverted in many different ways. So, the
result of vulnerable networks might lead to threats in the organizations or in the companies that
use information technology (Peltier, 2016). There are many threats for the information system
that varies from place to place and are commonly known as inside threats and the external threats
in the organizations. For making the information system secured, the most important mitigation
and prevention process that are to be carried out in the organizations is identify the threats and
type of threats that company can face and the ways the threat can affect the information system
of the organization (Safa, Solms & Furnell, 2016). There are many such threats that are
commonly known as unauthorized threats such as computer virus, sabotage, accidents, computer
viruses and these unauthorized threats are mainly carried out by hackers and crackers.
The information system is mainly designed for protecting confidentiality, availability, as
well as integrity of the computer system that is used in the organization (Soomro, Shah &
Ahmed, 2016). The design for protecting the system in the organizations is commonly known as
CIA Traid and protection should be given to the CIA Traid from the malicious attack in the
organizations and companies. This particular triad is also known as Parkerian Hexad that
includes confidentiality, integrity, availability, authenticity, possession and utility.
1. Introduction
With the increasing use of internet and with the wide use of telecommunication
technologies as well as systems, the rate of using the technologies has become more intense.
With the increasing use of internet and technologies, the vulnerabilities have also increased in
the companies and organizations by using the advance modern technologies. The networks that
becomes vulnerable mostly gets infiltrated or gets subverted in many different ways. So, the
result of vulnerable networks might lead to threats in the organizations or in the companies that
use information technology (Peltier, 2016). There are many threats for the information system
that varies from place to place and are commonly known as inside threats and the external threats
in the organizations. For making the information system secured, the most important mitigation
and prevention process that are to be carried out in the organizations is identify the threats and
type of threats that company can face and the ways the threat can affect the information system
of the organization (Safa, Solms & Furnell, 2016). There are many such threats that are
commonly known as unauthorized threats such as computer virus, sabotage, accidents, computer
viruses and these unauthorized threats are mainly carried out by hackers and crackers.
The information system is mainly designed for protecting confidentiality, availability, as
well as integrity of the computer system that is used in the organization (Soomro, Shah &
Ahmed, 2016). The design for protecting the system in the organizations is commonly known as
CIA Traid and protection should be given to the CIA Traid from the malicious attack in the
organizations and companies. This particular triad is also known as Parkerian Hexad that
includes confidentiality, integrity, availability, authenticity, possession and utility.
3INFORMATION TECHNOLOGY FOR MANAGERS
The information security that is included in the organizations mainly includes many
strategies that helps to manage all the processes, the policies, as well as tools that are needed in
an organization or company to prevent the data, detect the threat, and document the threat and
mitigation process that can be processed to counter the threats in the organizations for protecting
the digital information as well as non-digital information (Safa et al., 2015). The responsibility of
information security is to establish a business process rule that will protect the assets of
information irrespective of the data format or transit of data that are in the data storage.
Threats that are sensitive in the organization and are used privately in many different
forms such as phishing and malware attacks, ransomware attacks, and identity theft attack. For
detecting the attacks as well as mitigating the attacks are vulnerable at different points having
many security controls that are implemented as well as coordinated as a strategy of layered
defence. This particular strategy might help to mitigate the impact of the attack (Gordon, Fairhall
& Landman, 2017). For being prepared for the security breach, the groups having security
responsibility is responsible for making the IRP (Incident response plan) in the organization. The
IRP plan will allow the organizations to contain as well as limit all the damages, removes the
cause of threats, as well as include updated defence control in the organization to mitigate threat
of information security.
This report details the information security of the Uber data breach that took place in
2016. The information security data breach took place in the company resulting massive data
breach of the personal information of 57 million associated customers including the drivers. The
details of the Uber data breach is explained in this report explaining the security attack on Uber
and the cause of the attack. This report below also explains the impact that Uber has because of
The information security that is included in the organizations mainly includes many
strategies that helps to manage all the processes, the policies, as well as tools that are needed in
an organization or company to prevent the data, detect the threat, and document the threat and
mitigation process that can be processed to counter the threats in the organizations for protecting
the digital information as well as non-digital information (Safa et al., 2015). The responsibility of
information security is to establish a business process rule that will protect the assets of
information irrespective of the data format or transit of data that are in the data storage.
Threats that are sensitive in the organization and are used privately in many different
forms such as phishing and malware attacks, ransomware attacks, and identity theft attack. For
detecting the attacks as well as mitigating the attacks are vulnerable at different points having
many security controls that are implemented as well as coordinated as a strategy of layered
defence. This particular strategy might help to mitigate the impact of the attack (Gordon, Fairhall
& Landman, 2017). For being prepared for the security breach, the groups having security
responsibility is responsible for making the IRP (Incident response plan) in the organization. The
IRP plan will allow the organizations to contain as well as limit all the damages, removes the
cause of threats, as well as include updated defence control in the organization to mitigate threat
of information security.
This report details the information security of the Uber data breach that took place in
2016. The information security data breach took place in the company resulting massive data
breach of the personal information of 57 million associated customers including the drivers. The
details of the Uber data breach is explained in this report explaining the security attack on Uber
and the cause of the attack. This report below also explains the impact that Uber has because of
4INFORMATION TECHNOLOGY FOR MANAGERS
data breach and the mitigation process that the organization has carried out for enhancing
information security.
2. Description of the Organization
Uber Technologies is a transportation network company that offers service including
ridesharing, ride service, bicycle sharing as well as food delivery. The head quarter of Uber
Technology is in San Francisco and has its operations in more than 785 areas all over the world.
The platforms of Uber technology are mainly accessed through websites as well as mobile
applications. Uber deals with millions of data of its customers and its drivers and it is very much
important for the company to protect the data that are associated with the company (Thomas &
Thomson, 2018). The data that Uber technology data includes serving million rides as well as
food deliveries along with the transaction data. As Uber always thinks about improving its
services and always finds out ways to mitigate the anomalies related to data and find a solution
for the root cause.
For maintaining its data, the company includes operational analysis and the organization
has a data warehouse team that helps to maintain parallel database and a popular platform of data
analytic within the system. Uber includes many policies that describes the way that Uber and the
affiliates collects as well as use personal information to provide the services in the world
(Robbins & Sechooler, 2018). The policy of data security is applied to all the users who uses the
application, the features, websites as well as features that includes privacy policies.
Instead of having such security policies, Uber underwent data breach misleading their
consumers to its privacy and the security practices. The company faced data breach where the
information including name and license number of the drivers were stolen and it effected the
data breach and the mitigation process that the organization has carried out for enhancing
information security.
2. Description of the Organization
Uber Technologies is a transportation network company that offers service including
ridesharing, ride service, bicycle sharing as well as food delivery. The head quarter of Uber
Technology is in San Francisco and has its operations in more than 785 areas all over the world.
The platforms of Uber technology are mainly accessed through websites as well as mobile
applications. Uber deals with millions of data of its customers and its drivers and it is very much
important for the company to protect the data that are associated with the company (Thomas &
Thomson, 2018). The data that Uber technology data includes serving million rides as well as
food deliveries along with the transaction data. As Uber always thinks about improving its
services and always finds out ways to mitigate the anomalies related to data and find a solution
for the root cause.
For maintaining its data, the company includes operational analysis and the organization
has a data warehouse team that helps to maintain parallel database and a popular platform of data
analytic within the system. Uber includes many policies that describes the way that Uber and the
affiliates collects as well as use personal information to provide the services in the world
(Robbins & Sechooler, 2018). The policy of data security is applied to all the users who uses the
application, the features, websites as well as features that includes privacy policies.
Instead of having such security policies, Uber underwent data breach misleading their
consumers to its privacy and the security practices. The company faced data breach where the
information including name and license number of the drivers were stolen and it effected the
5INFORMATION TECHNOLOGY FOR MANAGERS
Uber drivers working for the company. About 57 million riders personal information was stolen
which included names, email addresses, as well as mobile numbers of the riders. According to
the CEO of Uber, the data stolen were not misused by the hackers and according to them they
were continuously monitoring the accounts that were stolen and have flagged them by providing
additional protection to those particular accounts. For the data breach, security team of Uber took
no particular action because as per their opinion, there are many things to be done after data
breach and the data was not misused.
3. Literature Review
3.1 Definition of Information Security System
According to McCormac et al. (2017), the information security is mainly designed for
protecting the data confidentiality, integrity, as well as data availability that may be prone to
malicious intentions. As per the author, these three parameters are commonly known as CIA
Traid for providing security to information. This particular triad includes confidentiality of the
data, possession of the data authenticity of data, utility of data, availability of data as well as
integrity of data.
Another author Rahman & Choo (2015), stated that information security mainly handles
the risk management. Any data in an organization according to the author may be at risk or
threat. The information that are related with the organization includes sensitive information that
must be kept confidential and the data are not to be changed, transferred or altered without the
permission of the user. Data confidentiality includes a message that could be modified in the
transmission by some other people who intercept the data before reaching the actual user or the
Uber drivers working for the company. About 57 million riders personal information was stolen
which included names, email addresses, as well as mobile numbers of the riders. According to
the CEO of Uber, the data stolen were not misused by the hackers and according to them they
were continuously monitoring the accounts that were stolen and have flagged them by providing
additional protection to those particular accounts. For the data breach, security team of Uber took
no particular action because as per their opinion, there are many things to be done after data
breach and the data was not misused.
3. Literature Review
3.1 Definition of Information Security System
According to McCormac et al. (2017), the information security is mainly designed for
protecting the data confidentiality, integrity, as well as data availability that may be prone to
malicious intentions. As per the author, these three parameters are commonly known as CIA
Traid for providing security to information. This particular triad includes confidentiality of the
data, possession of the data authenticity of data, utility of data, availability of data as well as
integrity of data.
Another author Rahman & Choo (2015), stated that information security mainly handles
the risk management. Any data in an organization according to the author may be at risk or
threat. The information that are related with the organization includes sensitive information that
must be kept confidential and the data are not to be changed, transferred or altered without the
permission of the user. Data confidentiality includes a message that could be modified in the
transmission by some other people who intercept the data before reaching the actual user or the
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Network Security Assessment: Part 1 - Vulnerabilities Assessmentlg...
|9
|1577
|381
Network Security Assessment: Part 1 - Vulnerabilities Assessmentlg...
|9
|1749
|483
Network Security & Its Vulnerabilities | Documentlg...
|9
|1749
|130
Host and Application Securitylg...
|9
|1653
|308
Network Requirements and Mitigationlg...
|5
|854
|95
Cyber Security: Attacks and Mitigation Techniqueslg...
|11
|2291
|301