Information technology and organizations influence each other as a relationship influenced by organization’s structure, business processes, politics, culture, environment and management decisions. There is no ex-ante, readily calculable return on investment for IT security like homeowner’s insurance or a car with extra air bags, it is money spent today to relieve the risk and potential cost and impact of events that never emerge. Thus, IT security should be viewed as a necessary cost of doing business.
In the work on IT and information security with companies in a wide range of industries, including banking, insurance, defense, aerospace, industrial goods, energy, raw materials telecommunications, and logistics, have identified a number of other actions that executives can take to improve the companies’ chances of success. To rival and success in global market, information technology is important in competitive environment. (Kenneth C. Laudon, Jane P. Laudon, 2018), global investment in information technology has expanded by 30 percent in the period 2005 to 2015. IT investment now accounts for an estimated 20 percent of all capital investment. Information systems are transforming business as mobile digital platform, systems used to improve customer experience, respond to customer demand, reduce inventories, growing online newspaper readership, expanding e-commerce and internet advertising, new federal security and accounting laws.
Firms contribute heavily in information systems to get six strategic business objectives. There are operational excellence, new products, services, and business models, customer and supplier intimacy, improved decision making, competitive advantage and survival. IT platform can lead to changes in business objectives and strategies. Businesses rely on information systems to help them achieve their goals and to attain higher profitability.
Information systems improved decision making from accurate information. To achieve the greater efficiency and productivity, the tool of information technology is an important. IS support organization to achieve competitive advantage as delivering better performance, charging less for superior products, responding to customers and suppliers in real time (Examples: Apple, Walmart, UPS).Competitiveness was very often increased because of great cost savings and better service to clients.
Communication and inter organizational systems seemed to be very important in this respect. Now a day, organizations are in the rival for improving their capability in order to survive in the global market. To make effective and timely decisions that best achieves their organization goals more easy to get from using the appropriate information of internal and external sources. (Karim, 2011).(Karim, 2011), stated that “information is an arrangement of people, data, process, and information technology that interact to collect, process, store and provide as output the information needed to support an organization,” “If the relevant information required in a decision-making process or an organization planning is not available at the appropriate time, then there is a good change to be a poor organization planning and priority of needs, inappropriate decision-making and defective programming” , (Adebayo, 2007).
In postindustrial organizations, authority increasingly relies on knowledge and competence rather than formal positions with sufficient information technology. Because of the difficulty to sustain competitive advantage, organization needs to be continuous innovation. In order to stay ahead system performing strategic may become tools for survival and firm value chains. Information security is a serious problem for individuals and organizations because it indications to unlimited financial losses. Information systems are exposed to different types of security risks. The type of damage caused by security threats are different as database integrity security breaches, physical destruction of entire information systems facility caused by fire, flood, etc.
The sources of those threats can be unwanted activities of reliable employees, hacker’s attack, accidental mistakes in data entry, etc. Information systems are vulnerable because of the accessibility of networks can breakdowns hardware problems, unauthorized changes and programming errors software problems, disasters, use of networks outside of firm’s control, and loss of portable devices (Kenneth C. Laudon, Jane P. Laudon, 2018). Risks come from easily by using network open to anyone, size of internet mean abuses can have wide impact, use of fixed internet address with cable and DSL moderns creates fixed targets for hackers, unencrypted VOIP, interception and attachments with malicious software from email. Security is breached easily from radio frequency bands easy to scan, using SSIDs (service set identifiers), identify access points, broadcast multiple times, can be identified by sniffer programs, war driving, eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources, Once access point is breached, intruder can gain access to networked drives and files. Malware (malicious software) as viruses and worms can operate on their own without attaching to other computer program files and can spread much more rapidly than computer viruses. Worms and viruses spread by drive-by download and destroy data and programs as well as disrupt or even halt the operation of computer networks.
Malware that comes with a downloaded file that a user intentionally or unintentionally requests by E-mail, IM attachments, hackers, request malicious files without user intervention, delete files, transmit files, install programs running in the background to monitor user action, & potentially convert the smartphone into a robot in a botnet to send e-mail & text messages to anyone, mobile device malware and social network malware. Hackers & crackers make intentional disruption, defacement, destruction of website or corporate information system gain unauthorized access by finding weaknesses in the security protections employed by Web sites and computer systems. Hackers flood a network server or Web server with many thousands of false communications for spoofing for redirecting a Web link to an address different from the intended one. Hackers uses for sniffing enable to steal private information from anywhere on a network, including e-mail messages, and confidential reports. It’s very damaging and difficult to detect. An extremely serious threat because they can be used to launch very large attacks using many different techniques.
Computers as targets of crime for breaching the confidentiality of protected computerized data and computer may be instrument of crime theft of trade secrets or unauthorized copying of software or copyrighted intellectual property, such as articles, books, music, and video, schemes to defraud, using e-mail for threats or harassment intentionally attempting to intercept electronic communication, illegally accessing stored electronic communications, including e-mail and voice mail, transmitting or possessing child pornography using a computer. Hackers may be aim for identity theft as used information to obtain credit, merchandise, or services in the name of the victim and phishing, evil twins, pharming, click fraud, cyber-terrorism, cyber-warfare. The sources of threat can be inside or outside the attacked system. The organizations and their security systems are usually focused on protecting themselves from threats that are origin from outside the system.
The threats that are coming from inside are often not considered. Because the way it is possible to determine from what we are protecting information system, it is possible to more efficiently use limited resources.