combating Inside Threats to Enterprise Information System
I am a Management Information System student and I have a research class, so I have to choose a topic and write a research paper about it. I chose ” combating Inside Threats to Enterprise Information System ” a draft research proposal that contains a clear statement of:
• the purpose of the research, research questions, and preliminary thesis;
• the boundaries of the research area;
• an outline of the research sub-topics;
• solves suggestion for this problem;
• the methodological approach; and a preliminary reading list that proposal may change to a big research paper and we going to work together for the rest of the semester
Combating Inside Threats to Enterprise Information System
The use of Information systems in today’s world has been arising as a necessity for almost all organizations. This increasing need has led to the development of different systems to carry out different roles and to assist employees in their tasks (Laudon & Laudon, 2012). Unfortunately, these systems are also increasingly becoming vulnerable to threats emanating both internally and externally. This research will seek to investigate the different ways through which companies can combat threats that emanate internally through evaluation of areas where these threats could result.
Purpose of the Research
This research will offer insight to organizations and technicians in the field on ways through which they could conduct a vulnerability analysis of their systems. Additionally, the research will also seek to clarify on why these professionals might need to consider instituting security measures in the organization by weighing between the goals of an organization and the measures that have been adopted in the management information systems field. The three main aspects that will guide this research are protecting confidentiality of information system data, Maintaining the integrity of the systems themselves and to ensure the systems functions effectively at all times (Poels, 2013).
Research questions,
What are the internal factors that could position an organization at a vulnerable position?
What form of threats can affect an organization internally?
What can organization do to combat these threats?
How can an organization conduct a vulnerability assessment on their systems to reduce chances of vulnerability?
Preliminary Thesis;
Enterprise Information systems are vulnerable from two notable areas; externally and internally, internally is a more vulnerable of the two since in most cases it allows for a direct authorized access to the system.
The Boundaries of the Research Area;
This study will focus on identifying reasons why an organization is in a more vulnerable position internally. Further, the research will seek to substantiate whether the same problems faces the different categories of organizations. This will be followed by an evaluation of the various forms of vulnerabilities by categorizing them in the different areas that they range. Later, the research will offer proposition on how organizations can combat these problems. In addition, there will be a notation of the various ways through which the organization can conduct a vulnerability assessment of their system to reduce the chance of this vulnerability (Papajorgji & Guarracino, 2013).
The scope of this paper will focus on small and large organizations. In each of the two cases, the research will seek to establish the common threats they have faced and the measures that the organization from these two categories can embrace. The research will also seek to co-opt insight from previous researchers and contribution from professionals in the field to establish a guideline on the most applicable measures to resolve this problem.
An outline of the Research sub-topics;
- Internal factors that position an organization on a vulnerable position
- Human Factors
- Policies
- Organizations Infrastructure
- Types of threats that emanate from these Factors
- Human factors- Carelessness of the employees or the end users, Intentional or acts from the end-user (especially disgruntled employees who may use Malicious Software – Worms, Viruses and Trojan Horses
- Policies – (Bring Your Own Device threat) Access Threats due to poorly or misconfigured hardware and software components (Ravindran, Sadana & Baranwal, 2013).
- Organization infrastructure and capacity – Reconnaissance due to poor network designs, or poor technological weakness of the organizations and lack of Funds to hire the right technical staff
- What an Organization needs to do to combat these problems (Cascarino, 2007)
- Threat Identification
- Notation off the trends relating to each of the threats in each category