Information Technology for Managers: Uber Data Breach Report
VerifiedAdded on 2023/04/21
|23
|6894
|51
Report
AI Summary
This report provides a detailed analysis of the Uber data breach, focusing on the security attack that compromised the personal information of millions of customers and drivers. It begins with an introduction to information security, defining key concepts such as confidentiality, integrity, and availability (CIA triad) and exploring various threats and vulnerabilities. The report then describes Uber's organizational structure and its reliance on technology. A thorough literature review is conducted, examining definitions of information security systems, concepts, and organizational security policies. The core of the report analyzes the Uber data breach, identifying the root causes of the attack and its impact on the organization, including reputational damage and financial repercussions. Finally, the report proposes a comprehensive mitigation process and information security solutions to enhance Uber's security posture, including incident response planning and layered defense strategies. The report concludes with a summary of findings and recommendations.
Running head: INFORMATION TECHNOLOGY FOR MANAGERS
Information Technology for Managers
Name of Student-
Name of University-
Author’s Note-
Information Technology for Managers
Name of Student-
Name of University-
Author’s Note-
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INFORMATION TECHNOLOGY FOR MANAGERS
Table of Contents
1. Introduction..................................................................................................................................2
2. Description of the Organization...................................................................................................4
3. Literature Review........................................................................................................................5
3.1 Definition of Information Security System...........................................................................5
3.2 Concepts of Information Security..........................................................................................6
3.3 Organizational Security Policy..............................................................................................9
3.4 Benefits of Network Security:.............................................................................................10
3.5 Need of System security......................................................................................................10
4. Security Attack on Uber............................................................................................................12
4.1 Cause of Attack....................................................................................................................13
4.2 Impact on Organization.......................................................................................................14
5. Mitigation process for Information Security.............................................................................14
6. Conclusion.................................................................................................................................16
References......................................................................................................................................19
Table of Contents
1. Introduction..................................................................................................................................2
2. Description of the Organization...................................................................................................4
3. Literature Review........................................................................................................................5
3.1 Definition of Information Security System...........................................................................5
3.2 Concepts of Information Security..........................................................................................6
3.3 Organizational Security Policy..............................................................................................9
3.4 Benefits of Network Security:.............................................................................................10
3.5 Need of System security......................................................................................................10
4. Security Attack on Uber............................................................................................................12
4.1 Cause of Attack....................................................................................................................13
4.2 Impact on Organization.......................................................................................................14
5. Mitigation process for Information Security.............................................................................14
6. Conclusion.................................................................................................................................16
References......................................................................................................................................19
2INFORMATION TECHNOLOGY FOR MANAGERS
1. Introduction
With the increasing use of internet and with the wide use of telecommunication
technologies as well as systems, the rate of using the technologies has become more intense.
With the increasing use of internet and technologies, the vulnerabilities have also increased in
the companies and organizations by using the advance modern technologies. The networks that
becomes vulnerable mostly gets infiltrated or gets subverted in many different ways. So, the
result of vulnerable networks might lead to threats in the organizations or in the companies that
use information technology (Peltier, 2016). There are many threats for the information system
that varies from place to place and are commonly known as inside threats and the external threats
in the organizations. For making the information system secured, the most important mitigation
and prevention process that are to be carried out in the organizations is identify the threats and
type of threats that company can face and the ways the threat can affect the information system
of the organization (Safa, Solms & Furnell, 2016). There are many such threats that are
commonly known as unauthorized threats such as computer virus, sabotage, accidents, computer
viruses and these unauthorized threats are mainly carried out by hackers and crackers.
The information system is mainly designed for protecting confidentiality, availability, as
well as integrity of the computer system that is used in the organization (Soomro, Shah &
Ahmed, 2016). The design for protecting the system in the organizations is commonly known as
CIA Traid and protection should be given to the CIA Traid from the malicious attack in the
organizations and companies. This particular triad is also known as Parkerian Hexad that
includes confidentiality, integrity, availability, authenticity, possession and utility.
1. Introduction
With the increasing use of internet and with the wide use of telecommunication
technologies as well as systems, the rate of using the technologies has become more intense.
With the increasing use of internet and technologies, the vulnerabilities have also increased in
the companies and organizations by using the advance modern technologies. The networks that
becomes vulnerable mostly gets infiltrated or gets subverted in many different ways. So, the
result of vulnerable networks might lead to threats in the organizations or in the companies that
use information technology (Peltier, 2016). There are many threats for the information system
that varies from place to place and are commonly known as inside threats and the external threats
in the organizations. For making the information system secured, the most important mitigation
and prevention process that are to be carried out in the organizations is identify the threats and
type of threats that company can face and the ways the threat can affect the information system
of the organization (Safa, Solms & Furnell, 2016). There are many such threats that are
commonly known as unauthorized threats such as computer virus, sabotage, accidents, computer
viruses and these unauthorized threats are mainly carried out by hackers and crackers.
The information system is mainly designed for protecting confidentiality, availability, as
well as integrity of the computer system that is used in the organization (Soomro, Shah &
Ahmed, 2016). The design for protecting the system in the organizations is commonly known as
CIA Traid and protection should be given to the CIA Traid from the malicious attack in the
organizations and companies. This particular triad is also known as Parkerian Hexad that
includes confidentiality, integrity, availability, authenticity, possession and utility.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INFORMATION TECHNOLOGY FOR MANAGERS
The information security that is included in the organizations mainly includes many
strategies that helps to manage all the processes, the policies, as well as tools that are needed in
an organization or company to prevent the data, detect the threat, and document the threat and
mitigation process that can be processed to counter the threats in the organizations for protecting
the digital information as well as non-digital information (Safa et al., 2015). The responsibility of
information security is to establish a business process rule that will protect the assets of
information irrespective of the data format or transit of data that are in the data storage.
Threats that are sensitive in the organization and are used privately in many different
forms such as phishing and malware attacks, ransomware attacks, and identity theft attack. For
detecting the attacks as well as mitigating the attacks are vulnerable at different points having
many security controls that are implemented as well as coordinated as a strategy of layered
defence. This particular strategy might help to mitigate the impact of the attack (Gordon, Fairhall
& Landman, 2017). For being prepared for the security breach, the groups having security
responsibility is responsible for making the IRP (Incident response plan) in the organization. The
IRP plan will allow the organizations to contain as well as limit all the damages, removes the
cause of threats, as well as include updated defence control in the organization to mitigate threat
of information security.
This report details the information security of the Uber data breach that took place in
2016. The information security data breach took place in the company resulting massive data
breach of the personal information of 57 million associated customers including the drivers. The
details of the Uber data breach is explained in this report explaining the security attack on Uber
and the cause of the attack. This report below also explains the impact that Uber has because of
The information security that is included in the organizations mainly includes many
strategies that helps to manage all the processes, the policies, as well as tools that are needed in
an organization or company to prevent the data, detect the threat, and document the threat and
mitigation process that can be processed to counter the threats in the organizations for protecting
the digital information as well as non-digital information (Safa et al., 2015). The responsibility of
information security is to establish a business process rule that will protect the assets of
information irrespective of the data format or transit of data that are in the data storage.
Threats that are sensitive in the organization and are used privately in many different
forms such as phishing and malware attacks, ransomware attacks, and identity theft attack. For
detecting the attacks as well as mitigating the attacks are vulnerable at different points having
many security controls that are implemented as well as coordinated as a strategy of layered
defence. This particular strategy might help to mitigate the impact of the attack (Gordon, Fairhall
& Landman, 2017). For being prepared for the security breach, the groups having security
responsibility is responsible for making the IRP (Incident response plan) in the organization. The
IRP plan will allow the organizations to contain as well as limit all the damages, removes the
cause of threats, as well as include updated defence control in the organization to mitigate threat
of information security.
This report details the information security of the Uber data breach that took place in
2016. The information security data breach took place in the company resulting massive data
breach of the personal information of 57 million associated customers including the drivers. The
details of the Uber data breach is explained in this report explaining the security attack on Uber
and the cause of the attack. This report below also explains the impact that Uber has because of
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INFORMATION TECHNOLOGY FOR MANAGERS
data breach and the mitigation process that the organization has carried out for enhancing
information security.
2. Description of the Organization
Uber Technologies is a transportation network company that offers service including
ridesharing, ride service, bicycle sharing as well as food delivery. The head quarter of Uber
Technology is in San Francisco and has its operations in more than 785 areas all over the world.
The platforms of Uber technology are mainly accessed through websites as well as mobile
applications. Uber deals with millions of data of its customers and its drivers and it is very much
important for the company to protect the data that are associated with the company (Thomas &
Thomson, 2018). The data that Uber technology data includes serving million rides as well as
food deliveries along with the transaction data. As Uber always thinks about improving its
services and always finds out ways to mitigate the anomalies related to data and find a solution
for the root cause.
For maintaining its data, the company includes operational analysis and the organization
has a data warehouse team that helps to maintain parallel database and a popular platform of data
analytic within the system. Uber includes many policies that describes the way that Uber and the
affiliates collects as well as use personal information to provide the services in the world
(Robbins & Sechooler, 2018). The policy of data security is applied to all the users who uses the
application, the features, websites as well as features that includes privacy policies.
Instead of having such security policies, Uber underwent data breach misleading their
consumers to its privacy and the security practices. The company faced data breach where the
information including name and license number of the drivers were stolen and it effected the
data breach and the mitigation process that the organization has carried out for enhancing
information security.
2. Description of the Organization
Uber Technologies is a transportation network company that offers service including
ridesharing, ride service, bicycle sharing as well as food delivery. The head quarter of Uber
Technology is in San Francisco and has its operations in more than 785 areas all over the world.
The platforms of Uber technology are mainly accessed through websites as well as mobile
applications. Uber deals with millions of data of its customers and its drivers and it is very much
important for the company to protect the data that are associated with the company (Thomas &
Thomson, 2018). The data that Uber technology data includes serving million rides as well as
food deliveries along with the transaction data. As Uber always thinks about improving its
services and always finds out ways to mitigate the anomalies related to data and find a solution
for the root cause.
For maintaining its data, the company includes operational analysis and the organization
has a data warehouse team that helps to maintain parallel database and a popular platform of data
analytic within the system. Uber includes many policies that describes the way that Uber and the
affiliates collects as well as use personal information to provide the services in the world
(Robbins & Sechooler, 2018). The policy of data security is applied to all the users who uses the
application, the features, websites as well as features that includes privacy policies.
Instead of having such security policies, Uber underwent data breach misleading their
consumers to its privacy and the security practices. The company faced data breach where the
information including name and license number of the drivers were stolen and it effected the
5INFORMATION TECHNOLOGY FOR MANAGERS
Uber drivers working for the company. About 57 million riders personal information was stolen
which included names, email addresses, as well as mobile numbers of the riders. According to
the CEO of Uber, the data stolen were not misused by the hackers and according to them they
were continuously monitoring the accounts that were stolen and have flagged them by providing
additional protection to those particular accounts. For the data breach, security team of Uber took
no particular action because as per their opinion, there are many things to be done after data
breach and the data was not misused.
3. Literature Review
3.1 Definition of Information Security System
According to McCormac et al. (2017), the information security is mainly designed for
protecting the data confidentiality, integrity, as well as data availability that may be prone to
malicious intentions. As per the author, these three parameters are commonly known as CIA
Traid for providing security to information. This particular triad includes confidentiality of the
data, possession of the data authenticity of data, utility of data, availability of data as well as
integrity of data.
Another author Rahman & Choo (2015), stated that information security mainly handles
the risk management. Any data in an organization according to the author may be at risk or
threat. The information that are related with the organization includes sensitive information that
must be kept confidential and the data are not to be changed, transferred or altered without the
permission of the user. Data confidentiality includes a message that could be modified in the
transmission by some other people who intercept the data before reaching the actual user or the
Uber drivers working for the company. About 57 million riders personal information was stolen
which included names, email addresses, as well as mobile numbers of the riders. According to
the CEO of Uber, the data stolen were not misused by the hackers and according to them they
were continuously monitoring the accounts that were stolen and have flagged them by providing
additional protection to those particular accounts. For the data breach, security team of Uber took
no particular action because as per their opinion, there are many things to be done after data
breach and the data was not misused.
3. Literature Review
3.1 Definition of Information Security System
According to McCormac et al. (2017), the information security is mainly designed for
protecting the data confidentiality, integrity, as well as data availability that may be prone to
malicious intentions. As per the author, these three parameters are commonly known as CIA
Traid for providing security to information. This particular triad includes confidentiality of the
data, possession of the data authenticity of data, utility of data, availability of data as well as
integrity of data.
Another author Rahman & Choo (2015), stated that information security mainly handles
the risk management. Any data in an organization according to the author may be at risk or
threat. The information that are related with the organization includes sensitive information that
must be kept confidential and the data are not to be changed, transferred or altered without the
permission of the user. Data confidentiality includes a message that could be modified in the
transmission by some other people who intercept the data before reaching the actual user or the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INFORMATION TECHNOLOGY FOR MANAGERS
recipient. As per the author, this can be mitigated through cryptography tools that helps to
mitigate security threat.
As per Safa, Solms & Futcher (2016), the digital signatures helps to improve all the
information security to enhance the authenticity of all the processes as well as promoting the
individual for proving identity before the user can get access to the computer data that are
available.
As stated by Stamp (2017), the information security is not only securing the information
from all the unauthorized access. There are many threats for the information system that varies
from place to place and are commonly known as inside threats and the external threats in the
organizations. For making the information system secured, the most important mitigation and
prevention process that are to be carried out in the organizations is identify the threats and type
of threats that company can face and the ways the threat can affect the information system of the
organization The information security according to the author is considered as a practice to
prevent all the unauthorized access, using of data, disclosing of data, modification of the data,
recording, inspection, as well as destruction of the data. The information that are related with
data security might be electronic or can be physical.
3.2 Concepts of Information Security
As stated by Hsu et al. (2015), concepts of information security includes access of the
data. Accessing of data includes subject or the ability of an object for using the data,
manipulating data, affecting the data, or modifying the data that are related with subject or the
object. All the authorized user that are related with the data should have legal access to the
system and the hackers might have illegal access to any other system. The ability of a user is
recipient. As per the author, this can be mitigated through cryptography tools that helps to
mitigate security threat.
As per Safa, Solms & Futcher (2016), the digital signatures helps to improve all the
information security to enhance the authenticity of all the processes as well as promoting the
individual for proving identity before the user can get access to the computer data that are
available.
As stated by Stamp (2017), the information security is not only securing the information
from all the unauthorized access. There are many threats for the information system that varies
from place to place and are commonly known as inside threats and the external threats in the
organizations. For making the information system secured, the most important mitigation and
prevention process that are to be carried out in the organizations is identify the threats and type
of threats that company can face and the ways the threat can affect the information system of the
organization The information security according to the author is considered as a practice to
prevent all the unauthorized access, using of data, disclosing of data, modification of the data,
recording, inspection, as well as destruction of the data. The information that are related with
data security might be electronic or can be physical.
3.2 Concepts of Information Security
As stated by Hsu et al. (2015), concepts of information security includes access of the
data. Accessing of data includes subject or the ability of an object for using the data,
manipulating data, affecting the data, or modifying the data that are related with subject or the
object. All the authorized user that are related with the data should have legal access to the
system and the hackers might have illegal access to any other system. The ability of a user is
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION TECHNOLOGY FOR MANAGERS
mainly regulated by the access control in an information security. The concepts that are
associated with the information security are discussed below:
Asset: Pathan (2016) stated that assets are defined as the organizational resource that are
to be protected. The asset that are related with the organization are to be logical that has to
include the information, or the data related with the organization. Assets that are included are to
be physical that includes a person, the computer system, or some tangible objects that are related
with the information security. The assets that are related to information are mainly focused on
the security of the information that includes protecting the data security.
Attack: Some intentional as well as unintentional activities that helps to cause damage or
compromise the information of the system that helps to support the attack. The attack that are
included in information security might be active attack or passive attack, intentional attack or
might be unintentional attack (Bhattarai, Joyce & Dutta, 2016). The attack on information
security might also be direct or indirect attack. As for instance, someone reading some sensitive
information are not actually intended for using the data in passive attack. Some hacker who
wants to break the information system by their own and that is known to be as intentional attack.
The hacker directly attacks the information security with some personal system so that they can
break in the system. Indirect attack includes hackers to compromise a system as well as using
them to attack the other systems. Example of indirect attack can be botnet. This particular group
of compromised computers mainly runs to the software of hacker to choose direct control to the
system attack as well as steal the user information or can conduct DOS service attack. The direct
attacks mainly originates from threat. The indirect threats mainly originates from some
compromised system as well as resource that includes malfunctioning or working under some
threat control process.
mainly regulated by the access control in an information security. The concepts that are
associated with the information security are discussed below:
Asset: Pathan (2016) stated that assets are defined as the organizational resource that are
to be protected. The asset that are related with the organization are to be logical that has to
include the information, or the data related with the organization. Assets that are included are to
be physical that includes a person, the computer system, or some tangible objects that are related
with the information security. The assets that are related to information are mainly focused on
the security of the information that includes protecting the data security.
Attack: Some intentional as well as unintentional activities that helps to cause damage or
compromise the information of the system that helps to support the attack. The attack that are
included in information security might be active attack or passive attack, intentional attack or
might be unintentional attack (Bhattarai, Joyce & Dutta, 2016). The attack on information
security might also be direct or indirect attack. As for instance, someone reading some sensitive
information are not actually intended for using the data in passive attack. Some hacker who
wants to break the information system by their own and that is known to be as intentional attack.
The hacker directly attacks the information security with some personal system so that they can
break in the system. Indirect attack includes hackers to compromise a system as well as using
them to attack the other systems. Example of indirect attack can be botnet. This particular group
of compromised computers mainly runs to the software of hacker to choose direct control to the
system attack as well as steal the user information or can conduct DOS service attack. The direct
attacks mainly originates from threat. The indirect threats mainly originates from some
compromised system as well as resource that includes malfunctioning or working under some
threat control process.
8INFORMATION TECHNOLOGY FOR MANAGERS
Safeguard, control on information, as well as countermeasure on data: The security
policies, mechanism, as well as security procedures includes counter attacks that helps to reduce
the risk of data breach, resolve the vulnerabilities, as also improve security in the organization.
Exploit: Exploit is known as a technique that helps to compromise a system. The threat
agents mainly attempts in exploitation of the system and include all other information asset by
the using that particular asset for their personal gain (Cavusoglu et al., 2015). Exploitation can
also be considered as documentation process that can take advantage to vulnerability or to
exposure that happens usually in software that can be inherited in the software or can be created
by the hacker. Exploits generally make use of all the existing tools or the software components
that are custom made.
Exposure: Exposure in information security includes a particular condition or some state
that is being exposed. In information security, the exposure mainly exists when there is a security
breach exits in the system by some unknown attacker.
Loss: There might be loss of data in the information system that suffers damage or the
unauthorized, unintended, disclosure, as well as modification of data in the system. When the
data of the organization is stolen, it might suffer loss in the system.
Profile Protection and security posture: According to Parsons et al. (2015), the control
set and the safeguard set in information security mainly includes policy, training, technologies,
awareness, education as well as regulations that the organizations incorporates in its working
process to protect the system from being hacked by some attackers. The profile protection is
sometimes used alternatively with the security programs throughout the security programs that
Safeguard, control on information, as well as countermeasure on data: The security
policies, mechanism, as well as security procedures includes counter attacks that helps to reduce
the risk of data breach, resolve the vulnerabilities, as also improve security in the organization.
Exploit: Exploit is known as a technique that helps to compromise a system. The threat
agents mainly attempts in exploitation of the system and include all other information asset by
the using that particular asset for their personal gain (Cavusoglu et al., 2015). Exploitation can
also be considered as documentation process that can take advantage to vulnerability or to
exposure that happens usually in software that can be inherited in the software or can be created
by the hacker. Exploits generally make use of all the existing tools or the software components
that are custom made.
Exposure: Exposure in information security includes a particular condition or some state
that is being exposed. In information security, the exposure mainly exists when there is a security
breach exits in the system by some unknown attacker.
Loss: There might be loss of data in the information system that suffers damage or the
unauthorized, unintended, disclosure, as well as modification of data in the system. When the
data of the organization is stolen, it might suffer loss in the system.
Profile Protection and security posture: According to Parsons et al. (2015), the control
set and the safeguard set in information security mainly includes policy, training, technologies,
awareness, education as well as regulations that the organizations incorporates in its working
process to protect the system from being hacked by some attackers. The profile protection is
sometimes used alternatively with the security programs throughout the security programs that
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INFORMATION TECHNOLOGY FOR MANAGERS
helps to compromise all managerial aspects including personnel programs, planning programs,
and carry out subordinate programs in the organization.
Risk: Risk includes the probability of something unwanted that might happen which is
unexpected. The organization might face risks related to information security so that they can
match the risk appetite which includes quantity as well as risk nature for the organization that
might accept.
Threat: Threat resembles to category of persons, entities or object who can face danger
because of an asset. Threats present in an organization can be done purposefully or can be
accidental.
3.3 Organizational Security Policy
As per the authors, there is always a need of implementing security policy in an
organization. The security policy should not be simple and should convey an action plan that
includes the purpose, the applicability, the activities, the importance as well as goals of the
organization. The organization should carry out security agenda throughout its working process
and responsibility should be taken by an organization to follow all such security measures within
the system. As per the author Cram, Proudfoot & D’Arcy (2017), all the employees in the
organization should be given appropriate training related to policy of information security and
the security expectation of the organization. The security expectation of the organization
includes all the functional roles that are being carried out in the working process of the
organization. As for instance, the corporate internet includes the policy that has to be
communicated in a proper way, and the employees in the organization should understand it and
acknowledge it clearly. There should be a specific policy that includes the policy of managing
the software in the organization and should be scoped that includes all other personnel who are
helps to compromise all managerial aspects including personnel programs, planning programs,
and carry out subordinate programs in the organization.
Risk: Risk includes the probability of something unwanted that might happen which is
unexpected. The organization might face risks related to information security so that they can
match the risk appetite which includes quantity as well as risk nature for the organization that
might accept.
Threat: Threat resembles to category of persons, entities or object who can face danger
because of an asset. Threats present in an organization can be done purposefully or can be
accidental.
3.3 Organizational Security Policy
As per the authors, there is always a need of implementing security policy in an
organization. The security policy should not be simple and should convey an action plan that
includes the purpose, the applicability, the activities, the importance as well as goals of the
organization. The organization should carry out security agenda throughout its working process
and responsibility should be taken by an organization to follow all such security measures within
the system. As per the author Cram, Proudfoot & D’Arcy (2017), all the employees in the
organization should be given appropriate training related to policy of information security and
the security expectation of the organization. The security expectation of the organization
includes all the functional roles that are being carried out in the working process of the
organization. As for instance, the corporate internet includes the policy that has to be
communicated in a proper way, and the employees in the organization should understand it and
acknowledge it clearly. There should be a specific policy that includes the policy of managing
the software in the organization and should be scoped that includes all other personnel who are
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10INFORMATION TECHNOLOGY FOR MANAGERS
related with the system. As per the security policies in the organizations and the procedures,
there should be employee attestation. Which helps to provide valuable input to put the policy
enforcement as well as education process in the organization.
3.4 Benefits of Network Security:
The benefits that information security incorporates in an organization are stated below:
The network security mainly helps to protect al personal data of the clients that exists on
the network.
The network security in an organization helps to facilitate the protection of the
information that is shared between the computer networks.
Hacking mainly includes virus attacks or spyware attacks from internet that might harm
the physical computers connected with the organization. All the external attacks are to be
prevented (Bhattarai, Joyce & Dutta, 2016).
The network security mainly provides different access levels. In an organization, there
are different computer systems that are attached to the network of the enterprise and there
can be many other computers that have greater access to all the information compared to
others.
The private networks are mainly provided with protection from all external attacks that
might help them to close the network system form the internet. The network security
makes the private attacks safe from malicious attacks.
3.5 Need of System security
As per Montesdioca & Maçada (2015), there is a need of system security within all the
organizations and there should network technology which is the main factor that is included in
the information technology. There are wide variety of applications that are included in
related with the system. As per the security policies in the organizations and the procedures,
there should be employee attestation. Which helps to provide valuable input to put the policy
enforcement as well as education process in the organization.
3.4 Benefits of Network Security:
The benefits that information security incorporates in an organization are stated below:
The network security mainly helps to protect al personal data of the clients that exists on
the network.
The network security in an organization helps to facilitate the protection of the
information that is shared between the computer networks.
Hacking mainly includes virus attacks or spyware attacks from internet that might harm
the physical computers connected with the organization. All the external attacks are to be
prevented (Bhattarai, Joyce & Dutta, 2016).
The network security mainly provides different access levels. In an organization, there
are different computer systems that are attached to the network of the enterprise and there
can be many other computers that have greater access to all the information compared to
others.
The private networks are mainly provided with protection from all external attacks that
might help them to close the network system form the internet. The network security
makes the private attacks safe from malicious attacks.
3.5 Need of System security
As per Montesdioca & Maçada (2015), there is a need of system security within all the
organizations and there should network technology which is the main factor that is included in
the information technology. There are wide variety of applications that are included in
11INFORMATION TECHNOLOGY FOR MANAGERS
information technology. Security is very much important to the networks as well as the
applications. The security of the network as per the authors is very critical requirement and
includes lack of security methods that can be implemented for ensuring the security of the
system.
As per the authors Dhillon et al. (2016), there is always a communication gap in between
the developers of the security technology and the network developers. The network design is
commonly known as well-developed process that is designed on the OSI model of the computer
system. The OSI model has different advantages that helps to design the networks in an
organization (Cavusoglu et al., 2017). The OSI model mainly offers modularity, ease-of-use, the
standardization process, and the flexibility that are included in the network protocol. There are
different layers of protocols that can be easily combined for creating the stacks that allows
development of modules in the organization.
The authors have also stated that the implementation of the individual layer has to be
changed without making any adjustments, or including flexibility in the development process
(Yazdanmehr & Wang 2016). Other researchers have also stated that securing the network
design is not a well-developed process. There is not particular methodology that can manage
complexity involved in security requirement of an organization. The secure designs of network
does not provide any advantage compared to the network design. When the network security is
considered in an organization, it is stated that the whole network has security and offers all
possible security that are needed in an organization. The network security only does not contain
security in the system of communication chain. To transmit the data communication channel, the
channel should be free from vulnerable attack (Da Veiga & Martins, 2017). A hacker might
target the communication channel and also cause harm to the network system, obtain all data that
information technology. Security is very much important to the networks as well as the
applications. The security of the network as per the authors is very critical requirement and
includes lack of security methods that can be implemented for ensuring the security of the
system.
As per the authors Dhillon et al. (2016), there is always a communication gap in between
the developers of the security technology and the network developers. The network design is
commonly known as well-developed process that is designed on the OSI model of the computer
system. The OSI model has different advantages that helps to design the networks in an
organization (Cavusoglu et al., 2017). The OSI model mainly offers modularity, ease-of-use, the
standardization process, and the flexibility that are included in the network protocol. There are
different layers of protocols that can be easily combined for creating the stacks that allows
development of modules in the organization.
The authors have also stated that the implementation of the individual layer has to be
changed without making any adjustments, or including flexibility in the development process
(Yazdanmehr & Wang 2016). Other researchers have also stated that securing the network
design is not a well-developed process. There is not particular methodology that can manage
complexity involved in security requirement of an organization. The secure designs of network
does not provide any advantage compared to the network design. When the network security is
considered in an organization, it is stated that the whole network has security and offers all
possible security that are needed in an organization. The network security only does not contain
security in the system of communication chain. To transmit the data communication channel, the
channel should be free from vulnerable attack (Da Veiga & Martins, 2017). A hacker might
target the communication channel and also cause harm to the network system, obtain all data that
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.