Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Strategic Information Systems

Verified

Added on 2023/03/23

AI Summary

This report focuses on the current scenario of Bell Studio, evaluating potential risks, internal controls, and weaknesses in the system. It includes data flow diagrams, system flowcharts, and an analysis of risks and weaknesses.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: STRATEGIC INFORMATION SYSTEMS
Strategic Information System
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1STRATEGIC INFORMATION SYSTEMS
Table of Contents
Introduction................................................................................................................................2
DFD of Purchase System...........................................................................................................2
DFD of Payroll System..............................................................................................................3
DFD of Cash Disbursement System..........................................................................................4
System Flowchart of Cash Disbursement System.....................................................................5
System Flowchart of Purchase System......................................................................................6
Elucidation of the weaknesses in the internal control of the system and the major risks
coupled with the recognized weaknesses...................................................................................7
Weaknesses in the organization.............................................................................................7
Risks...........................................................................................................................................9
Unauthorized access...............................................................................................................9
Viruses and malware..............................................................................................................9
Sniffing and Spoofing..........................................................................................................11
Conclusion................................................................................................................................14
References................................................................................................................................15

2STRATEGIC INFORMATION SYSTEMS
Introduction
This particular report focuses on the current scenario of Bell Studio. Evaluation of the
potential risks of the company, internal controls of the expenditure cycle and the various
processes is done. The report contains the data flow diagram (DFD) of cash disbursement
system. In this report the DFD of payroll system is given along with purchase system
flowchart, payroll and the cash disbursement system. In addition to the above discussion, the
internal control system and the weaknesses of the system is concisely explored. The report
further highlights the risks coupled with the system weaknesses. At the end the report
provides a pertinent conclusion for the discussion.
DFD of Purchase System
Figure 1. Data Flow Diagram of Purchase System

3STRATEGIC INFORMATION SYSTEMS
DFD of Payroll System
Figure 2. Data Flow Diagram of Payroll System

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4STRATEGIC INFORMATION SYSTEMS
DFD of Cash Disbursement System
Figure 3. Data Flow Diagram of Cash Disbursement System

5STRATEGIC INFORMATION SYSTEMS
System Flowchart of Cash Disbursement System
Fi
gure 4: System flowchart of Cash Disbursement System

6STRATEGIC INFORMATION SYSTEMS
System Flowchart of Purchase System
Figure 5. System flowchart of Purchase System

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7STRATEGIC INFORMATION SYSTEMS
Elucidation of the weaknesses in the internal control of the system and the
major risks coupled with the recognized weaknesses.
Weaknesses in the organization
The organization has numerous weaknesses in the system in relation to the cash
disbursement system, purchase system and the payroll system (Rusly et al. 2018). The
weaknesses pose to be major risks for the organization hence there is a need to assess the
issues on an immediate basis to allow genuine functioning of systems in the organization
(Pearlson, Saunder and Galletta 2016). The weaknesses of the organization connected to the
system are as below:
The cash disbursement system or the purchasing system of the organization is highly
complex and holds critical significance (Musgrove and Walsh 2015). Improvisation in the
system can cause disruptions in the operations of the organization. The implementation of the
changes and the way it is deployed cause problem in the operations of the organization
(DeVan et al. 2015). Few of the administrators of the company would choose to delay the
updates or some may choose segmentation of the process to prevent process shutdown or
process downtime. The many outdated systems of the company are already falling behind at
work. The lagging behind without any significant update patches will really push the
organization to face major risk. The risks will cost the organization heavily (Rezvani, Dong
and Khosravi 2017). The identified gaps in the system could be prevailing in the system
unidentified for a very long and that can cause potential damage to the organization (Ogiela
2015). The software lies deprived and unrecognized in the system and no minor software
patches are applied on it, thus extending the intensity of the danger (Cassidy 2016).

8STRATEGIC INFORMATION SYSTEMS
The organization has severe weaknesses in its system that makes the system and the
software of the organization highly vulnerable to several external threats (Laudon and
Laudon 2016). The hard files which are managed might lead to potential risks for the
organization as any threat or loss can led to heavy data loss for the company. The database of
the company where majority of the data, especially where company invoices are stored is
prone to security risk finally resulting in data loss (Gillett 2016). It becomes easy for the
cyber attacker or the hacker for that matter to get access of the information inside the
computer system of the organization. Since there are vulnerabilities in the system of the
organization the hackers can easily device a path to enter in to computer system of the
company and compromise the data available in the database of the company. There are
advanced dangers that the organization faces which evolves out of modern technology
methods. The organization stores its financial records and other professional reports or
records in database which several loopholes as there are security failures in the system
(Morden 2016). The organization can only avoid data breaches by implementing security
protocols and responding efficiently and immediately to the redundant breaches noticed in the
network system.
The network vulnerabilities which can become the expected entry point for the
attackers to get into the system must be focused on to protect the system from breaches. The
organization runs major risks of cyber attacks and data theft as the organization is still using
outdated version of software which are not strong enough to prevent the external attacks. It is
easy of the attackers to gain access into the system and destroy the data of the organization.
The information in the system lies unsecured which provides the leverage to external
operators to siphon data out of the organization and misuse it. The process becomes easy for
siphoning of data which should have been difficult.

9STRATEGIC INFORMATION SYSTEMS
An additional weakness of the organization that can be highlighted is the culture of
the organization. The cultural weakness of the organization leads to opening of
supplementary weakness in organizational system. Further the employees of the organization
pose to be a weakness for the company if the organizational protocols are not followed by the
employees and misleading the procedures set by the organization. When such
mismanagement occurs in the employee culture of the organization, the organization starts
facing additional unconventional risks from its own employees.
Risks
Unauthorized access
Unauthorized access is the commonest security risk that jeopardizes the network
system of the organization. The confidential and sensitive data of the organization runs a high
risk of getting stolen or compromised. The hackers or the cyber criminals use modern
advanced technology to get into the system of the organization. The acquired skills of the
hackers enable them to stay unidentified in the system for a very long time and provide an
easy method to access the information in the system.
Viruses and malware
There are many risks an organization face regarding to security threats and attacks.
The risk of virus attack or malware attack is another risk for the system of the organization.
Virus is software deliberately designed and devised in a fashion to gain easy access of the
organization’s network system. Virus enters the system without any permission from the user
and lies undetected in the system for a long time. Slowly the virus starts spreading all over
the network channel as it continuously duplicates itself within the system of the organization.
The virus slows down the system finally resulting in server crash and massive loss of data. It

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10STRATEGIC INFORMATION SYSTEMS
is seen in numerous cases that damage caused can be accidental resulting from poor
programming issues.
The damage faced by the organization regard to its information system, can be either
because of accidental cause or the intension can be purposeful. The actions are sometime
fueled by individual motives as an act of industrial sabotage. The employees of the
organization have all the important knowledge and information to bring about huge damage
in the company. This provides the attackers multiple opportunities to interrupt the working of
the company and damage the system severely. The impacts of the attacks can be on the
infrastructure as well as on the hardware of the organization. The attackers can easily alter
and modify the available data from the system. There are also chances of the deleting the data
for feeding in incorrect data in the system of the organization which will badly affect the
working of the system of the organization. The cyber attackers can implement logic bombs in
to the system and remove important software from the system of the organization. The
deliberate motive to harm the organization can pose to be a significant threat for the
organization. Any data loss from the database effects the organizational function and
performance and not only that, the organization runs a extra risk of facing threats from the
data if they are used against them. The threat from the vandalism lies in fact that this
organization has been temporarily denied the access to the system and the resources for some
of the individuals. The major damages as known cause severe issues for the organization, the
minor damages cannot always be ignored or denied. A cumulative effect of the minor
damages builds up to a major damage that affects the organization intensely (Chakraborty
2017). The major damages results due to human errors in handling the system and the data of
the system. The employees of the company sometimes misuse the data available to them or
cause accidental damage which in turn affects the business or the enterprise massively. Any
kind of minor or major human errors on the information and network system of the company

11STRATEGIC INFORMATION SYSTEMS
massively impacts the security of the organization. Purposeful manmade threats damage the
security structures of the enterprise by making the enterprise’s network vulnerable (Shi and
Li 2016). Then, the security threats faced by the organizations can be effectively mitigated.
Sniffing and Spoofing
Sniffing tools are used to sniff on all the data packets that flow through the network
channel. The attackers try to tap the line of flow of the data packets in the network channel to
get valuable information from the data packets. Sniffing can be done by the attackers or by an
employee form the organization can also find a vulnerable spot to sniff on the data packets
(Niemelä et al. 2016). When the organization performs diagnosis of network issues by
capturing data which are transmitted over the network of the company, employees can
unethically use it to gather passwords and data to harm the company for selfish motives.
When information is caught in transit, the malicious user easily gains access into the network
system of the business enterprise. If the organization’s switch port is open, it becomes easy
for the sniffers to sniff the data out of the system (Hadid 2015). Anyone within the network
system can get access to the data packets. Snoop servers are used to capture network traffic
for analysis. Snooping protocol monitors information on a computer bus to ensure efficient
processing. The attackers can study the flow of traffic in the system, protected and
unprotected version of it (Anilkumar et al. 2019). If there are excess vulnerable spots within
the system, the right condition along with right protocols provides the attackers the advantage
to easily collect information. The collected data or the information can be further used to
project additional attacks on the company or cause destruction in the server system of the
business or enterprise. To detect sniffers in the network system of the enterprise becomes
hard for the enterprise to identify. Sniffing can be done on web traffics, FTP passwords, the

12STRATEGIC INFORMATION SYSTEMS
router configuration and email traffic (Hadid 2015). The collected information allows hackers
to steal the additional data and confidential records from the database of the organization.
Trojan or Trojan horse is a malware kind which stays incognito as legitimate software
(Li 2017). Cyber thieves and attackers employ the Trojan horse into the system to gain access
of the network system. The Trojan tricks the users by some social disguise to load and
execute the Trojan into their computer system. The moment the Trojan horse gets activated,
they give the attackers or the cyber criminals to spy on the system, traffic flow within the
network system and also stealing of sensitive and confidential data. The Trojan horse can be
used to delete data, modify data, copy data, block data and disrupts the functioning of the
computer network. Use of Trojan to damage system frameworks have evolved in the recent
years. The Trojans are mostly developed to attack the central system of the organization.
Trojans have uncontrollable impact on the network system of the organization. The backdoor
Trojan paves the path for the attacker to remotely control the infected computer system of the
organization (Sidiq, Umar and Yudhana 2018). The attackers have complete control on the
system and can mess the system up. The backdoor Trojans collects and groups infected
systems to form zombie network. The zombie network is used to plant further attacks and
also used to criminal motives. The Trojan exploits the data from the network system and
takes advantage of it. The Trojan DDoS (Denial of Service) attacks a targeted web address
(Zhang et al. 2016). The Trojan sends multiple acceptance requests from numerous infected
computers. The attacker overwhelms the target; compromise it which leads to the denial of
services. Trojan also records key strokes, to capture keyboard inputs from the computers.
The keystroke recorder allows the Trojan owner to gather sensitive data like user id,
passwords, and outgoing messages in the mail system. Trojan affects the enterprise badly by
breaching into the system. Data loss becomes an issue for the organization. Trojan’s can
majorly affect the payroll system of the organization might faces issues of data theft. Data

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13STRATEGIC INFORMATION SYSTEMS
theft means collection of data, making multiples copies of them. Any confidential data loss
from the database of the organization puts the organization into severe danger. The data can
be illegally used against the company to draw information or make any kind of unauthorized
alteration to the records stored in the system of the organization (Aziz 2015). The records
include information regarding financial reports of the company, addresses, passwords and
additional sensitive data. When there is damage to the original authentic data of the
organizations or maybe the data are destroyed, the value of the existing copies of the data
gradually increases. Since, this particular organization operates on the wholesale sector, any
data records regarding sales becomes vulnerable to damage. The loss of the sale data or
alteration of it will damage the business of the organization. If the attackers gain the access to
the consumer list and details stored in the database of the organization, an attack on it can
wreck havoc for the company. The consumer and customer list once accessed can be used to
target the customers to impart a negative viewpoint on the organization. Such a move can
damage sales of the company. This will have a negative impact on the reputation and on the
brand of the organization. Instantaneous effect of such an act proves that the organization
suffers from major vulnerabilities in their network system (Jiménez et al. 2017). The
organization becomes exposed to cyber threats and cyber attacks. This leads to corporate
takeover or damage to company reputation.
Additional risk that is present in the organization is the revengeful nature of
employees who wants to harm the employer. Such disgruntled employees prove to be a major
weakness in the organizational system. The backdoors of the network system is used for
positive purpose like for diagnosis of network traffic and testing of the system. The aggrieved
employee can use to it gain sensitive and confidential information from the system to use the
acquired against the organization. The backdoor becomes a tool for sabotaging the enterprise.

14STRATEGIC INFORMATION SYSTEMS
Conclusion
Bell studios contain numerous loopholes in their system which leads to the growth of
possible vulnerabilities for the company. The vulnerabilities present in the organization’s
system can become the reason for data exploitation by malicious users. The changes made in
the cash disbursement system as well as in the purchase system of Bell Studios have a
tendency to cause operational disruptions. Changes made to the complex purchasing system
lead to threats depending on manner the system is implemented and deployed.
Administrators also might choose to segregate the process to prevent system shutdown. The
weaknesses needs to be recognized and managed well to prevent attacks.

15STRATEGIC INFORMATION SYSTEMS
References
Pearlson, K.E., Saunders, C.S. and Galletta, D.F., 2016. Managing and using information
systems, binder ready version: a strategic approach. John Wiley & Sons.
Cassidy, A., 2016. A practical guide to information systems strategic planning. Auerbach
Publications.
Rezvani, A., Dong, L. and Khosravi, P., 2017. Promoting the continuing usage of strategic
information systems: The role of supervisory leadership in the successful implementation of
enterprise systems. International Journal of Information Management, 37(5), pp.417-430.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education
India.
Musgrove, T.A. and Walsh, R.H., CBS Interactive Inc, 2015. Content aggregation method
and apparatus for on-line purchasing system. U.S. Patent 8,930,370.
Rusly, F.H., Ahmi, A., Talib, Y.Y.A. and Rosli, K., 2018, September. Payroll system: A
bibliometric analysis of the literature. In AIP Conference Proceedings (Vol. 2016, No. 1, p.
020124). AIP Publishing.
DeVan, S.M., Markwell, S. and Myers, D., JP Morgan Chase Bank, 2015. Integrated
Electronic Disbursement and Cash Flow Management System and Method. U.S. Patent
Application 14/106,999.
Gillett, P.R., 2016. Accounting Information Systems. John Wiley & Sons, Incorporated.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

16STRATEGIC INFORMATION SYSTEMS
Li, M., 2017. The wars in your machine: New developments in trojan virus engineering.
Chakraborty, S., 2017. A Comparison study of Computer Virus and Detection
Techniques. International Journal of Scientific Research in Computer Science, Engineering
and Information Technology, 2(1), pp.236-240.
Shi, J. and Li, J., 2016, September. The Security and Protection Strategy Study of Computer
Network Information. In 2nd International Conference on Electronics, Network and
Computer Engineering (ICENCE 2016). Atlantis Press.
Sidiq, A.F., Umar, R. and Yudhana, A., 2018. RESEARCH ON SECURE VIRUS TROJAN
IN CYBERSECURITY PLATFORM. JURNAL SISTEM INFORMASI UNIVERSITAS
SURYADARMA, 5(2).
Zhang, Y., He, Y., Zhao, Q. and Liang, K., 2016, November. Similarity and self-learning
based anti-Trojan Mechanism. In 2016 International Conference on Advanced Electronic
Science and Technology (AEST 2016). Atlantis Press.
Jiménez, J.M.H., Nichols, J.A., Goseva-Popstojanova, K., Prowell, S. and Bridges, R.A.,
2017. Malware detection on general-purpose computers using power consumption
monitoring: A proof of concept and case study. arXiv preprint arXiv:1705.01977.
Niemelä, J., Hyppönen, M. and Kangas, S., F Secure Oyj, 2016. Malware protection. U.S.
Patent 9,501,644.
Aziz, A., FireEye Inc, 2015. Prospective client identification using malware attack detection.
U.S. Patent 9,027,135.

17STRATEGIC INFORMATION SYSTEMS
Hadid, A., Evans, N., Marcel, S. and Fierrez, J., 2015. Biometrics systems under spoofing
attack: an evaluation methodology and lessons learned. IEEE Signal Processing
Magazine, 32(5), pp.20-30
Anilkumar, C., Joseph, D.P., Viswanatham, V.M., Karrothu, A. and Venkatesh, B., 2019.
Experimental and Comparative Analysis of Packet Sniffing Tools. In Proceedings of the 2nd
International Conference on Data Engineering and Communication Technology (pp. 597-
605). Springer, Singapore.
Ogiela, L., 2015. Advanced techniques for knowledge management and access to strategic
information. International Journal of Information Management, 35(2), pp.154-159.
Morden, T., 2016. Principles of strategic management. Routledge

1 out of 18

+13062052269

info@desklib.com

Strategic Information Systems

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Strategic Information System for Business and Enterprise

Strategic Information Systems

Internal Control Weakness in Bell Studio's Accounting System

Strategic Information Systems

Expenditure Cycle at Bell Studio

Bell Studio's Expenditure Cycle: A Risk Assessment