IT Infrastructure Management: AstraZeneca, Cyber Security & Continuity

Verified

Added on 2023/06/14

AI Summary

This report provides a detailed analysis of IT infrastructure management, focusing on cyber security, compliance, and business continuity. It includes an in-depth case study of AstraZeneca's outsourcing agreement with IBM, highlighting the challenges and lessons learned from the termination of their SLA. The report further explores various cyber threats, such as viruses, malware, phishing, denial-of-service attacks, and SQL injection, and outlines effective cyber security measures like encryption, antivirus software, firewalls, and access control. The impact of cyber security on business continuity is also discussed, emphasizing the importance of protecting computer systems and data from damage, theft, and disruption. Desklib offers additional resources and study tools for students seeking to deepen their understanding of these topics.

Running head: IT INFRASTRUCTURE MANAGEMENT
IT Infrastructure Management
Name of the Student
Name of the University
Author’s Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
IT INFRASTRUCTURE MANAGEMENT
Table of Contents
Task A........................................................................................................................................2
Task B........................................................................................................................................4
1. Introduction........................................................................................................................4
2. Cyber Threats.....................................................................................................................4
3. Cyber Security....................................................................................................................2
4. Compliance and Business Continuity................................................................................2
5. Conclusion..........................................................................................................................3
References..................................................................................................................................1
Task C........................................................................................................................................4

2
IT INFRASTRUCTURE MANAGEMENT
Task A
Astra Zeneca Case Study Answers
1. AstraZeneca is the leading biopharmaceutical company. In July, 2007, this
company signed an outsourcing agreement for seven years with IBM. The total contract was
of 1.4 billion dollars. The extensive SLA involved 32 schedules and 90 clauses for governing
provision of the IT infrastructure services to respective 60 countries. AstraZeneca terminated
SLA on 8th April, 2011. However, the court took the side of AstraZeneca. As per the CIO of
the organization, the outsourcing deal with IBM enabled a specific consistent infrastructure in
every global site. Thus, new technologies, applications and reporting system were effectively
rolled out. Due to the outcome based specifications, the deal was a failure. The main mistake
that this company made was the rapid change of their business and this contract did not have
the ability to deal with the pace.
2. AstraZeneca was not only the guilty convicted in the failure of the contract. IBM
was also a part of it. The main mistake that IBM made was making an extremely large and
long term outsourcing contract of IT and thus IBM was also responsible for this. They should
have understood the business strategies of AstraZeneca and the fact that the business changes
rapidly.
3. Due to the large size of a deal, it is difficult to change the contract as the vendor
accrues their profit from any deal. When the outsource deals are huge, the vendors make huge
investments within the first two years since their service is customized and set up. Next, the
respective vendors expect profit margins in two to three years and hence the extremely larger
deals are for minimum of five years.

3
IT INFRASTRUCTURE MANAGEMENT
4. AstraZeneca and IBM had made major mistakes for making such huge contracts of
1.4 billion dollars. The main motive of these two major corporations was to make maximum
profit for their businesses. The only thing that they did not consider was the constraints or
problems that would have been possible for the contract. Since, the contract was an extremely
large and outsourcing IT deal, it suffered major problems and thus both the companies have
to settle with legal court case. The technical problems were not taken into consideration and
thus their strategy failed.
5. The 2007 SLA or service level agreement was doomed to fail as there were some of
the constraints from the beginning of the deal. The first and the foremost constraint was the
extremely large IT outsourcing deal. Although, the contract was for seven years, it became a
failure in four years. The deal consisted of utilization of specifications that were based on
outcomes and these specifications were utilized for encouraging the innovation within
vendors. Thus, this SLA was doomed to fail.
6. After the failure of the IT contract with IBM, AstraZeneca undertook another new
strategy to work with the vendors of IT, which focuses on the rapid actions on various
technical problems within any specific cooperative structure. This model replaced the
previous model and comprises of various principles. One of them is “fix first, pay later”. This
specifically means that if type of problem occurs, the company and vendors can easily fix it
by not asking about expenses. Hence, both the parties would be saved.
7. AstraZeneca eventually agreed for faster payment in case of any IT problem to
vendor. If any type of conflict occurs in contract, both of these parties could appeal to the
independent arbiter, who could oversee the policy of cooperation. Thus, legal cases can be
avoided.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
IT INFRASTRUCTURE MANAGEMENT
Task B
Cyber Security, Compliance and Business Continuity
Abstract: The main aim of this paper is to
understand the entire concept of cyber
security, its compliance and business
continuity. Cyber security is the proper
protection of various computer systems
from any type of damage or theft to the
hardware, information and software. It also
helps to protect from disruption or
misdirection of services. Compliance
refers to any type of rules or regulations,
or specified standards for any situation or
case study. The cyber security compliance
is the collection of various services for
creating or adapting the security strategy
properly. The final part of the paper
describes about the effect of cyber security
in business continuity.
Index terms: Cyber security, compliance,
business continuity, cyber threats, cyber
attacks.
1. Introduction
Cyber security or computer
security is responsible for protecting all
types of threats like theft, damage or
disruption or services to the software,
hardware as well as any type of
confidential information (Von Solms &
Van Niekerk, 2013). This type of security
is extremely important for all types of
organizations. Cyber security even
includes controlling any kind of physical
access to the hardware and thus protecting
against the harm that is coming through
access of network, data injection or code
injection. Moreover, for the malpractices
by the operators, this type of security is
highly susceptible in being tricked and
thus deviation from the secured procedures
occurs. The malpractices can either be
intentional or accidental (Wang & Lu,
2013). The following paper will be
outlining a brief description on cyber
security, its compliance and business
continuity. The various cyber threats and
cyber attacks will be provided here.
Furthermore, the compliance of cyber
security and the effect of cyber security on
business continuity will also be described
in the paper.
2. Cyber Threats
Cyber threats are the most
dangerous threats for any type of system or
computer. All organizational systems are
vulnerable to these types of threats in their
business (Hahn et al., 2013). Cyber attacks
are the specific kinds of offensive
maneuvers that are employed by various
nations, states, society, groups, individuals
and organizations, which eventually target
the computer information, computer
networks, systems, computer devices or
computer infrastructures. These types of
attacks target the systems by simple means
of any type of malicious activity that has
originated from unknown sources for the
purposes of stealing, destroying and
altering the information by hacking (Amin
et al., 2013). The most vulnerable types of
cyber threats that are extremely popular in
cyber world are given below:
i) Virus: This is the first and the
foremost cyber threat for any specific
system. It is the type any malicious
software program that is when executed,

5
IT INFRASTRUCTURE MANAGEMENT
eventually replicates itself by the simple
modification of all other computer
program and thus inserting its own
particular code (Elmaghraby & Losavio,
2014). As soon as this replication is being
completed, all the affected areas are
claimed as infected with the specific
computer virus. The hackers or the
attackers are responsible for creating such
havoc in any system, when they inject the
affected code within the system.
Moreover, clicking on any type of infected
website can also cause virus attack.
Security vulnerabilities are exploited in
this case and the systems are infected for
the purpose of spreading the virus (Buczak
& Guven, 2016). This type of cyber threat
is recently causing more than 10 billion
dollars damage in each year.
ii) Malware: The second
significant cyber threat or vulnerability is
malware. It is the type of malicious
software that is the variety of various
intrusive software like worms, ransom
ware, Trojan horses, worms, spyware and
many more (Sommestad, Ekstedt & Holm,
2013). This particular cyber threat can
easily take up the form of scripts,
executable codes, other software and
active content. It could be easily defined
with the malicious intent and thus acting
against the computer user requirements.
The malware does not involve any
software, which causes the unintentional
harm for some kind of deficiency. These
types of programs are supplied by the
hacker for the purpose of either slowing
down the system or hacking the system
(Dunn Cavelty, 2013). The user is
responsible for installing the malware
software within the system. This cyber
threat is extremely dangerous for any user.
iii) Phishing: The third significant
cyber threat for any type of computers or
systems is phishing. It is the core attempt
of hackers for obtaining confidential or
sensitive information like passwords,
usernames, bank account details, credit
card credentials and many more (Wells et
al., 2014). These types of information are
obtained for malicious causes by simply
disguising as one of the most important
trustworthy entity within any specific
electronic communication. The cyber
threat of phishing is eventually carried out
either by instant messaging or email
spoofing, thus directing the users for
entering personal information within a
fake web site. The look as well as feel of
the web site is completely identical to the
legitimate web site and the only difference
between them is for the web site URL
(Sou, Sandberg & Johansson, 2013). The
main victims for this type of cyber threat
are the IT administrators, banks, auction
sites social web sites and online payment
processors.
iv) Denial of Service Attacks:
Another significant cyber threat for any
computer system is the denial of service
attack (Cavelty, 2014). It is the type of
cyber attack, where the attacker seeks into
the machine or resources of network that
are unavailable to the specific users either
by disrupting the host services or by
disrupting the networks that are connected
to the Internet. The denial of service is
eventually accomplished by means of
flooding the typical resource or machine
with various requests and thus overloading
the systems or preventing all types of
legitimate requests (McGraw, 2013). In
case of distributed denial of service or
DDoS attacks, various computers are
involved in the denial of service attacks.

6
IT INFRASTRUCTURE MANAGEMENT
v) SQL Injection Attacks: The next
type of cyber threat is the SQL injection
attack. This type of attack mainly targets
the servers or databases that have stored
critical and confidential data (Gupta,
Agrawal & Yamaguchi, 2016). The attack
is done by the help of malicious code for
getting the server in divulging information
that should not be divulged. Various
credentials like passwords, usernames or
credit card numbers are targeted in this
type of attack.
vi) Man in the Middle Attacks:
The other name of this attack is session
hijacking. The hacker remains in between
the authorized user and information, thus
altering the confidential information
eventually. This is extremely dangerous
for the users or systems.
3. Cyber Security
All the above mentioned attacks
could be controlled by various methods of
cyber security (Hong, Liu & Govindarasu,
2014). The most important as well as
significant methods of cyber security are
as follows:
i) Encryption: The first and the
most important way of cyber security is
encryption. It is the procedure to encode
any message or information in a specific
manner, where only authorized parties
could access the data and the unauthorized
parties could not do it (Abawajy, 2014).
Encryption prevents the unauthorized
access and comprises of two algorithms,
which are symmetric as well as
asymmetric algorithm. This algorithm
converts the plain text to cipher text and
only the key can open the file.
ii) Antivirus: The second type of
cyber security is the antivirus software. It
the particular computer program that
secures the system and thus any type of
cyber threat is restricted (Ben-Asher &
Gonzalez, 2015). The malware could be
easily prevented, detected as well as
removed with the help of antivirus.
Browser hijackers and Trojan horses are
easily stopped with the help of this
software.
iii) Firewalls: The third method is
the firewall. It is the specific system for
network security, which monitors as well
as manages the incoming or outgoing
traffic of network (Amin et al., 2013). The
firewall is established by a barrier within
the trusted internal network and the
untrusted external networks. As the name
suggests, firewall detects and prevents the
entry of any type of cyber threat.
iv) Access Control: The controlling
of access to the software is also an
important step for preventing any type of
cyber threat to the systems.
v) Passwords: Enabling as well as
changing of passwords is also an important
step for securing and preventing any type
of cyber threat or cyber attack (Knowles et
al., 2015). Passwords restrict the access to
the system or software.
vi) Restricting Access to Physical
Devices: The physical access to the various
devices should also be restricted or limited
for stopping the cyber threats or attacks.
The denial of service attacks are stopped
or mitigated with the help of this cyber
security.
4. Compliance and Business Continuity
The various rules or regulations
that help to maintain the cyber security are
collectively known as compliance
(Cherdantseva et al., 2016). The business

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
IT INFRASTRUCTURE MANAGEMENT
continuity is the proper planning as well as
preparation for ensuring the fact that any
organization could easily continue in
operating in various incidents or disasters
and has the ability in recovering to the
operational state within a short period.
There are three elements for any business
continuity. They are the resilience,
recovery and contingency. These three
elements are utilized for understanding the
exact position of the business (Czosseck,
Ottis & Talihärm, 2013). The critical
functions of the business as well as the
supporting infrastructure are designed in
such a method that the redundancy of the
data is resolved. Cyber security helps in
maintaining the business continuity and
hence reducing the typical disasters related
to cyber world. All the above mentioned
cyber security methods are useful for the
business.
Regarding compliance, there are
various standards for cyber security that
are useful for the business (Gupta,
Agrawal & Yamaguchi, 2016). These are
various techniques, which attempt in
protecting the cyber environment of the
users or business. The main objective of
these standards or compliances is to
diminish the cyber risks or threats, which
includes the mitigation or prevention of
any cyber threat or attack. These are
various published materials, consisting of
the security concepts, guidelines, and
approaches of risk management, policies,
technologies, security safeguards,
assurance, actions, trainings and many
more (Hong, Liu & Govindarasu, 2014). If
any of this compliance is violated by the
employees or staffs, legal actions are to be
taken against them. Thus, the vulnerability
is restricted.
Hence, the business continuity is
maintained by the implementation and
application of compliance.
5. Conclusion
Therefore, from the discussion, it
can be concluded that cyber security is one
of the most important requirements in any
computer or system for the purpose of
securing it from all types of cyber threats
or cyber attacks and also digital disruption
or physical access to the hardware or any
such equipment. This type of security is
the collection of various technologies,
processes as well as practices that are
designed for protecting the networks,
confidential data, information, programs
and computer systems from damages,
attacks or any type of unauthorized access.
Security involves both physical security
and cyber security. The most significant
elements of this cyber security mainly
include information security, network
security, application security, disaster
recovery, operational security, business
continuity planning and end user
education. The most dangerous element of
the cyber security is the constant evolving
nature of the security threats. Cyber
security has various rules or compliance
and also o the business continuity. The
above paper has proper described about the
various cyber threats, cyber security, effect
on business continuity and cyber security
compliance. Significant details are
provided in the paper.

8
IT INFRASTRUCTURE MANAGEMENT
References
Abawajy, J. (2014). User preference of cyber security awareness delivery
methods. Behaviour & Information Technology, 33(3), 237-248.
Amin, S., Litrico, X., Sastry, S. S., & Bayen, A. M. (2013). Cyber security of water SCADA
systems—Part II: Attack detection using enhanced hydrodynamic models. IEEE
Transactions on Control Systems Technology, 21(5), 1679-1693.
Amin, S., Litrico, X., Sastry, S., & Bayen, A. M. (2013). Cyber security of water SCADA
systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE
Transactions on Control Systems Technology, 21(5), 1963-1970.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys &
Tutorials, 18(2), 1153-1176.
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. Computers & security, 56, 1-27.
Czosseck, C., Ottis, R., & Talihärm, A. M. (2013). Estonia after the 2007 cyber attacks:
Legal, strategic and organisational changes in cyber security. Case Studies in
Information Warfare and Security: For Researchers, Teachers and Students, 72.

9
IT INFRASTRUCTURE MANAGEMENT
Dunn Cavelty, M. (2013). From cyber-bombs to political fallout: Threat representations with
an impact in the cyber-security discourse. International Studies Review, 15(1), 105-
122.
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), 491-497.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI Global.
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions
on Smart Grid, 4(2), 847-855.
Hong, J., Liu, C. C., & Govindarasu, M. (2014). Integrated anomaly detection for cyber
security of the substations. IEEE Transactions on Smart Grid, 5(4), 1643-1653.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of
cyber security management in industrial control systems. International journal of
critical infrastructure protection, 9, 52-80.
McGraw, G. (2013). Cyber war is inevitable (unless we build security in). Journal of
Strategic Studies, 36(1), 109-119.
Sommestad, T., Ekstedt, M., & Holm, H. (2013). The cyber security modeling language: A
tool for assessing the vulnerability of enterprise system architectures. IEEE Systems
Journal, 7(3), 363-373.
Sou, K. C., Sandberg, H., & Johansson, K. H. (2013). On the exact solution to a smart grid
cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), 856-865.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
IT INFRASTRUCTURE MANAGEMENT
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and
challenges. Computer Networks, 57(5), 1344-1371.
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.

11
IT INFRASTRUCTURE MANAGEMENT
Task C
2. The total similarity percentage is 7%.
3. a) Yes all of the bold, coloured text matches in the self-check report missing in-text
references. All of them are in format, headings and key words.
b) Yes 4% of the total match is including more than three words in a row copied from the
original source without quotation mark.
c) No there is no quotation in the essay. Thus, the quotation percentage is 0%.
d) Yes 2% of the total percentage is matched coincidental.
e) No short strings of matching text were indicated in unsuccessful paraphrasing.
f) Yes I have synthesized all of the sources’ ideas into my essay by introducing each piece of
source information with a signal phrase and by adding my own comments or interpretation to
it in the following sentence.