The paper "Business Information Systems" is a perfect example of a business assignment. Vulnerabilities of assets refer to the flaws in the assets of an organization; or in the words of Lenaghan and Onwubiko (2007), it is the absence of controls in security that could result in a breach in the security of the assets when they are exploited by threats. Various factors contribute to these vulnerabilities. The attacks are dependent on the flaw or susceptibility of the system, the access of the attacker to this flaw and the ability of the attacker to exploit the flaw.
When the system is susceptible, it is easy for the attacker to launch an attack to the assets. One factor that contributes to this susceptibility is stated by Whitman (2003) that organizations’ managers and employees have ignored information security. While security to information has been pointed out as an important issue, executives do not consider it as being critical (Whitman, 2003). In the present world, the business environment has become increasingly interconnected, interdependent and the network has become wireless. This has increased susceptibility. In addition to this, the number of organized crime has taken over the number of cybercrimes.
This implies that individuals set out targets and launch their attacks. Another factor that has contributed to this vulnerability is the rolling out of new technology which has led to changes in identifying new threats. Computers as well as storage devices have become faster, smaller and cheaper. A combination of these factors increases the susceptibility of the organization’ s assets. Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both Unintentional threats refer to acts that are performed by individuals without any malicious intentions to the security of information.
One such threat is human error. According to Whitman (2004), the biggest threat to the information assets of an organization are the employees of the company. In fact, employees who work in the departments of information systems and human resource pose the greatest threat. This is because they have access and controls to very sensitive information of the company.
CNA, 2010, Risk Transfer: A Strategy to help protect your Business, New York, USA.
Lenaghan, A. & Onwubiko, C. 2007, Managing Security Threats and Vulnerabilities for
Small to Medium Enterprises, IEEE International Conference on Intelligence and Security Informatics, London, UK.
McGroddy, J. & Herbert, L. 2004, A Review of the FBI's Trilogy Information Technology Modernization Program, Washington, National Academies Press.
Rainer, K. & Cegielski, C., 2010, Introduction to Information Systems: Enabling and Transforming Business, 3rd Edition, USA, John Wiley and Sons.
Rouse, M., 2011, Spear Phishing, Accessed online on September 1 2013 from:
The FBI, 2013, New E-Scams & Warnings, Accessed on September 1, 2013 from:
Vavoulas, N. & Xenakis, C., 2010, A Quantitative Risk Analysis Approach for Deliberate
Threats, University of Piraeus, Greece.
Walker, J. 2013, How can Organizations Guard against Phishing Scams? Accessed online on September 1, 2013 from:
Whitman, M., 2003, Enemy at the Gate: Threats to Information Security, Communications of the ACM, Vol. 46, No. 8.
Whitman, M., 2004, In Defense of the Realm: Understanding the Threats to Information Security, International Journal of Information Management, 24: 43–57.