Information Systems Case Study: TIBO Security, Audit, and Outsourcing

Verified

Added on 2023/01/19

AI Summary

This case study analyzes the Trusted Imperial Banking Organisation (TIBO) and its challenges related to information systems, security, and outsourcing. The assignment addresses a security breach scenario where customer data is compromised, requiring an analysis of the security risks involved, including unauthorized access, data breaches, and potential financial loss. It then recommends best practices to mitigate these risks, such as sanitizing communications, restricting access, and updating security protocols. Furthermore, the study suggests appropriate types of Information Systems (IS) audits, including general control audits, application control audits, and integrated audits, to assess the adequacy of system controls and ensure compliance with established policies. Finally, the assignment evaluates TIBO's outsourcing process, identifying areas for improvement and recommending strategies to enhance efficiency and competitiveness. The analysis highlights the importance of defining outsourcing objectives, developing clear requirements, and understanding current performance levels. The case study emphasizes the significance of strong management, employee training, and technological investment in maintaining a robust and secure information system.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: INFORMATION SYSTEM 1
Information System
Student’s Name
Supervisor’s Name
Course Affiliated
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

INFORMATION SYSTEM 2
Questions 1
(a) Analysis of security risk.
Accessing security protocols of the CFO system put the company assists at risk. The
competitors of the company can use these facts to improve their operation hence putting a
challenge to the market. Therefore exposing the company details will betray management
weakness which may lead to stakeholders to go away.
One can also plant some data in the system which could interfere with the system
operation. Deleting and inserting new data in the order may also cause misunderstanding in the
company that will eventually lead to company failure. The company system is also exposed to
the virus if another login from an insecure source; thus it may lead to the system operating
slowly. The bank is experiencing cybersecurity threats. Within a short time, one can syphon
capital from banks. Most clients always shun away from the company with a weak security
system. Accessing one's data is risky to one investment (Hayden, L. 2010).
(b) Recommendation
Sanitise all calls and emails in the company. All official documents must be cleansed of
any threats before it enters the network of the banks. It is a critical aspect that the management
needs to focus on its structure. Not all member of the bank should have access to the mainframe
server of the company. Restricting logins details to workers put few individuals in charge and
whenever anything happens, they will be answerable. Update the security protocols daily.
Hackers are always searching for any weakness in the system. The system should be able to
handle email spoofing and sandbox evasion malware.

INFORMATION SYSTEM 3
TIBO management should adequately train their employees on handling the company’s
security system. Most data breaches prevent employees from accessing the best service. Security
should help be at the forefront of everyone’s mind to do security practices to be part of the
company’s culture. IT should deploy the latest technology to defend against the latest threats by
ensuring that all the security solutions are updated to prevent hacking.
Question 2
General control audit: The TIBO management system constantly needs update and
maintenance to keep it in line with technological advancement. The basic operation of the system
must be known to the staffs that are important to the success of the company. All the policy and
producers need to be favorable to all staff regardless they have skills or not.
Application control audit, this type of information system mainly focuses on a particular
application. All the input data and output need is control according to the set standards. The
communication process has to be traced to manage the flow of data. Security and integrity issues
are essential for a healthy business. System development is essential to software development.
Before developing any system, all parts must be involved to have an inclusive policy that favors
both parties. Integrated audit deals with working with other stakeholders such as the financial
staffs in accessing the company procedures and objectives. Forensic examination deals with
detecting any malicious activity band take appropriate actions against them (Pomerantz, O.
2010).

INFORMATION SYSTEM 4
Question 3
Outsourcing process in any organization recently has become dynamic as many
businesses seek to minimize cost. For a competitive in the market, the company has to get
updates on market trends. The following steps give the appropriate way of outsourcing
information appropriately. One is to define the company objective of outsourcing. The agenda
need should be clear to both parties involved. Factors such as costs, skills, efficiency among
others need to be considered to achieve better information that will be useful to the business
operation (McIvor, R. 2011).
The second step is developing clear requirements that the company needs. The customers
need to be a priority in any business dealing. A right decision is also essential in any proceeding.
Another step understands the business current performance levels. This will helps in allocating
funds to any company operation to bring balance in action. The last step is to define success
factors in term of quality, time and flexibility to adjust with the environment.
TIBO face competition from other business in the same field. Also, the chairperson of
TIBO was not primarily involved in the company bases. This was a form of weakness in the
management of the company. Also, changes were made management without consulting the
employees; this brought confusion in operation.
To counter TIBO challenges the management is a task with the responsibility of dividing
duties accordingly. Also mixing skill and the unskilled staff is essential to improve the
productivities of the company. TIBO also must invest more in technology to keep the company
in track with competition in the market. The problem of TIBO was manageable as most
weaknesses were brought by management failure to operate effectively.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

INFORMATION SYSTEM 5
Question 4
The audit has the responsibility of facilitating the payment details according to the
Company financial capability. They have the responsibility to make a budget and making funds
available to the concern teams to operate effectively. But the case of TIBO the audit department
was acting abnormally where a contract was made based on standards vendors agreements. TIBO
legal department reviews the deal and made changes to the legal procedures. Another role is
implementation and management where they seek to discuss the process of supplier selection in
TIBO IT department lack capabilities and skills to develop their system secure the bank's details
(Teece, D. 2012).
Question 5
TIBO committee members were external. The external members did not know much
about the company problems; thus it was a challenge to make the right decision. The board was
not involved in the daily operation; therefore it was difficult to know much on the part that needs
outsourcing support. IT department outsource a we-Bop project without extensive consultation
with other teams. The best practice to govern outsourcing contract is to have a lengthy discussion
with all stakeholders and employ to get their views and access the company system first
(Adobor, H. 2012).

INFORMATION SYSTEM 6
Question 6
The TIBO CEO acted lonely in handling his duties. The CEO was not consulting his
subordinate staffs for advice and knew the problems that the company faced. This act of the top
managers acting alone brought challenges that lead to poor performance of the company. Also,
the bank was down in term of technology due to a disagreement between the managers which
lead to failure to adapt to market competition (Fullan, M. 2012).
To curb such situation, TIBO took necessary action by dividing responsibility to each
department. The department heads had a responsibility to ensure all duties performed. Also
employing expert and training the staffs was the best action to create a strong foundation of the
reliable company. For future implementations, the bank needs to focus on involving new
technology and hire qualify staff who can handle the operation with skills.

INFORMATION SYSTEM 7
References
Adobor, H. (2012). Ethical issues in outsourcing: the case of contract medical research and the
global pharmaceutical industry. Journal of business ethics, 105(2), 239-255.
Fullan, M. (2012). Change forces: Probing the depths of educational reform. Routledge.
Hayden, L. (2010). IT security metrics: A practical framework for measuring security &
protecting data. McGraw-Hill Education Group.
McIvor, R. (2011). Outsourcing done right: analysis may keep some manufacturing in-house,
spin off other processes. Industrial Engineer, 43(1), 30-36.
Pomerantz, O. (2010). U.S. Patent No. 7,861,287. Washington, DC: U.S. Patent and Trademark
Office.
Teece, D. J. (2012). Dynamic capabilities: Routines versus entrepreneurial action. Journal of
management studies, 49(8), 1395-1401.