Management Information Systems

Assignment 7

3/2/2014

Q1.) How is the security of a firm's information system and data affected by its people,
organization, and technology? How can a firm's security policies contribute and relate to
the six main business objectives? Give examples.

A1.) People, the organization and technology all play key parts in a firm’s security of its

information. The people need to be able to use the proper techniques while they are on the

computer. They need to have knowledge of the software’s they use so they can be aware if a

problem arises and how to fix it. The people are also the ones that develop the security policies

and plans for if anything happens. The organization need to deploy the security to the computer

systems. Having properly trained employees will help stop problems from occurring, and

training is the organizations responsibility. Technology is a big part of a firm’s security. They

need to be up to date with their software and have proper security features. The technology

aspect implements web site security systems, authentication technologies, and individual security

features. A firm’s security policies contribute greatly to a firm’s security controls. Software

controls prevent unauthorized access of software programs, system software, and computer

programs. Hardware controls ensure that computer hardware is physically secure and check for

equipment malfunction. Organizations that are critically dependent on their computers must

make provisions for backup. Computer operations controls oversee the work of the computer

department to ensure that programmed procedures are consistently and correctly applied to the

storage and processing of data. The controls help assist with backup and recovery procedures.

Data security controls ensure that valuable business data files on either disk or tape are not

subject to unauthorized access, change or destruction. Implementation controls audit the systems

development process at various points to ensure that the process is properly controlled and
managed. Administrative controls formalize standards, rules, procedures and control disciplines

to ensure the organizations controls are properly executed and enforced.

Q2.) Why is software quality important to security? What specific steps can an
organization take to ensure software quality? Hackers and their companion viruses are an
increasing problem, especially on the Internet. What are the most important measurers for
a firm to take to protect itself from this? Is full protection feasible? Why or why not?

A2.) Software quality is very important because software errors pose a constant threat to

information systems. Problems with software can cause untold losses in productivity. Flaws in

software can also create security vulnerabilities that open networks to intruders. Keeping up to

date software with proper security features will help prevent hackers. Flaws can be corrected

with small pieces of software called patches. Patches repair the flaws without disturbing the

proper operation of the software. Governing design, security, and using computer programs that

secure data files throughout the organization will protect the infrastructure. Applying this to all

computers along with a combination of hardware, software and manual procedures will help

control against hackers. Zero defects cannot be achieved because complete testing is not possible

with large programs. Large corporations can contain tens of thousands of lines of code, which

makes complete protection not feasible.

Q3) Read the case study (How Secure is Your Samrtphone?) on page 249. And answer the
following questions:

a. It has been said that a smartphone is “a microcomputer in your hand.” Discuss the
security implications of this statement. What people, organization, and technology
factors must be addressed by smartphone security? What steps can individuals and
businesses take to make their smartphones more secure?
b. Visit two of the following Web sites: Droid Security, F-Secure, Lookout, and
Kaspersky and review their capabilities for mobile device security. Compare the
capabilities of two of these services. What mobile platforms does each support?
What protection does each provide?
A3.1.) A huge security risk is that if the person loses their phone all of that information stored is

vulnerable to whoever finds it. People store so much information on their phones and have many

banking or other important applications that could be hacked into if the phone was stolen. The

fact that they are like a computer puts smart phones at risk of being hacked in similar ways. The

article says spam and malicious downloads are almost easier to download on a phone than a

computer. People need to be more careful with what applications they download, and workers

need to have closer observations of applications that are approved for users to buy. Organizations

like Apple and Android need to create much higher security standards for applications and

maybe offer optional increased protection. These smart phones are very advanced but they might

not have enough security features. Businesses can make more secure products and individuals

need to be more aware and careful about internet use on their phones. Paying attention to what

they download will help prevent future hacking.

A3.2.) I first looked at Droid Security, and they offer many features. The software can find and

protect your phone if lost or stolen; it also offers scanners to protect you on the internet. It

enhances performance, gives better battery life and storage performance. It finally helps protect

against spammers and hackers. F-Secure the other company protects against viruses, improves

device speed and allows secure web browsing. It helps locate missing mobile devices and

protects against harmful applications or any intrusions or identity theft. Both companies provide

similar features needed to protect your mobile device. F-secure might offer a few more features

but it also costs $29.99 and Android is free. Droid Secure only supports Android smart phones

and tablets. F-secure also support versions of Android. Droid secure and F-secure both protect

data, and have tracking features to find lost or stolen phones. Virus protection and anti theft are

the biggest features both companies provide.