SECURITY ISSUES IN ORGANIZATIONAL I.T. SYSTEMS
Security Issues in Organizational I.T. Systems
The development of new technologies for business operations often always comes with a security concern that reduces the effectiveness of the use of technology. In the business environment, because currently, a vast majority of businesses utilize information management systems to some varied extent, the concern of security issues in information technology systems has grown insignificance. In arguing for the significance of security of enterprise IT systems, Sharma (2012), notes that systems securities are vital because they not only focus on the organization but also extend to the digital network (1). In this case, in studying security issues, the focus should not only be on the organization and its internal system but also how that open system interacts with the external environment. The scope of security issues in organizational I.T. systems is therefore only a perspective from which I.T. systems’ security is analyzed. From this perspective, it becomes possible to identify the origin of the security concerns as well as the strategies for addressing them.
Definition and Scope of I.T. Systems Security Issues
Given the evolutionary and dynamic nature of information technology, scholarship has often assigned a fluid definition to the concept in order to encompass all technologies that receive and processes information electronically. The Information Technology Infrastructure Library has since defined the concept as a system that involves humans, processes, and technology (Madon and Krishna, 2018). As such, identification of organizational I.T. systems would focus on all the facets of the organization that include the use of technology in the processes. For this essay, organizational I.T. systems shall be defined as the composite of internal and external technologies used by the members of the organization to undertake specific tasks relating to the achievement of the organization’s value creation objectives. The essence of including value creation in the definition is to highlight on the strategic aspect of I.T. system adoption. As such, security concerns would be analysed from the perspective of all elements, which seek to undermine the achievement of the organization’s strategic objectives.
The definition also seeks to extend to the other areas of the organization, such as the processes and human aspects. This is because, in the definition of I.T. systems, the people and processes are a crucial part. Security concerns would therefore extend to the human user of the I.T. system, focusing on both the internal members of the organization, such as employees and management, and the external members, such as customers, government and competitors. It is necessary to define I.T. system security issues because; the definition would construct the scope of discussion. Information systems are expansive topics of study and focusing on a particular aspect would help in reducing redundancies in the discussion (Chapple, Stewart, and Gibson, 2018). As such, the scope of discussing the topic under-study is to determine the security issues that emerge from the people, processes, and technologie`s that are significant to the achievement of the organization’s strategic objectives. Therefore, security issues of organizational I.T. systems would therefore be defined as; risks and elements in the information-processing environment of the organization that undermine the achievement of the technology-based strategic objectives of the organization.
Application of Security Issues in Organizational I.T. Systems
The dynamism of the open nature of business operating systems points to the need for organizations to align their processes and resources to the external environment. Organizations need to interact with the external environment in order to achieve its strategic objectives. As such, the processes and resource management systems is determined by the strategies in the external environment. Understanding the concept of I.T. systems security allows organization leaders to identify and determine ways of application of measures that allow for increased security and objective achievement (Wang, Kung, and Byrd, 2018. pp.3-13). The emergence of technologies that regulate the interactions between organizations and its stakeholders allows organization to enhance such interactions. The concept of security issues in organizational I.T. systems is therefore applied in various aspects of the organization. These areas of use and application are discussed in this section of the discussion, highlighting the current trends in the use of the concept.
Information Systems Management
Business transactions occur through a process of information management and exchange. The effectiveness of the process is dependent on the level of risks to the integrity of the input, the process, and output of the systems. It is at this point that security issues emerge from the organizational system. The input of information should be accurate, and complete, as well as ethically collected. The absence of these three features from the information input would result in poor decision-making outcomes. Ensuring the security of the input information would enable the organization to source for credible information and enhance the image of the organization to the stakeholders. With reference to the processes of the information management systems, the application and coordination of the efforts of organization’s resources in analysing and evaluating the input information is the point where security concerns should be identified and addressed. The presence of security concerns reduces the effectiveness of processes. Lastly, the output of the system should be guarded from security threats to prevent misuse of information output, and wastages. In this case, the security issues applied are those that emerge from the organization such as corporate espionage, phishing, and information leaks.
Assets management is the process through which the tangible and intangible assets of the organization are utilized and safeguarded against threat in pursuit of the objectives of the organization. In this area of use, security issues are with reference to the misuse of assets. The concept of security issues applies through the application of Information Technology Asset Management. The purpose of identifying security risks in this area is that it reduces risks on Information Technology assets, while reducing costs and improving performance of the assets. Security concerns in this area include wastages, theft, and obsolescence of technology. The management of the organization would seek to identify elements of risk that would affect the effectiveness of the use of I.T. assets, which would in turn increase productivity of the organization. As such, security concerns in asset management allow the organization to note areas of risk of wastage, loss, and inefficiencies towards the alignment of the management activities to the strategic objectives of the organization.
Human Resource Management
The use of concepts of IT systems security in organizational human resource management systems is because the human resource forms the user aspect of the system. The direct interaction between the human resource aspects of the organization and its IT systems presents a distinct and significant risk to the security concerns of the organization. The organization needs to ensure that the users have a deep understanding of the system to allow them work with it effectively, while also prevent the misuse of such knowledge to cause security threats. Modern security threats such as misuse of information are directly related to the concept of security concerns. The organization, in this case, seeks to increase knowledge of the users regarding the use of applications and systems, while offering a system of control, which restricts access. In this way, security is achieved by creating a balance in the workforce of effective knowledge of security systems and security risk controls. Additionally, organizations address the issue of security concerns as a cultural aspect of the organization to ensure higher effectiveness in achieving strategic objectives of the organization.
Another area of application of the concept of security issues in organizational IT systems is in the interaction with external stakeholders, comprising of the government, customers and competitors. The security issues regarding the government concerns adherence to regulations in handling of IT security systems. With concerns to the customers, the organization needs to ensure that customer records are safe and free from errors in order to decisions to benefit them. With respect to competitors, the security issues stems from an ethical perspective where the organization should act ethically towards the information of its competitors, and also protect the integrity of the information it issues to competitors regarding its operations. In the application of security issues concepts to the external stakeholder areas, it is prudent for the organization to realize that the security risks that emerge are external to the control of the organization. As such, the risks can only be mitigated but not managed.
Advantages and Disadvantages
Understanding the advantages and disadvantages of security issues requires knowledge in the structure of organizational IT systems. The systems allow the organization to achieve its objectives in a more efficient manner and placing security issues at the fore of strategy implementation helps in the elimination of security risks. However, the organization needs to ensure that the systems are in line with government regulations, which, in some instances are not aligned to the objective of the organization. For instance, where government requires disclosure of financial records through open access website, the competitors of the organization can take advantage of the information to gain significant competitive advantage. Similarly, where the organization needs to safeguard the integrity of customer information and employees have free access to the information, the advantage would be security issues concepts would help the organization to develop privacy protocols, but would also enhance knowledge of employees who may misuse the information. In this case, the dual nature of IT systems and the concept of security present a balancing challenge to the organizations.
Another advantage of the concept of security issue in organizational IT systems is that it helps the organization to be able to develop decisions that are forethought and concise. With increased security, the integrity of information collection and processing aspects of the organizational system are increased. In this way, the organization is able to predict outcomes of strategies realistically. However, as a disadvantage, the increased complexity of the security systems increases the cost of implementation of the strategies. The organization is required to invest heavily on technologies, which affects the returns of the strategies employed by the organization. The trade-off between the advantages of increased strategy implementation effectiveness and disadvantages of high cost of decision-making requires organization to act in the most potentially benefiting manner to the organization. Due to this challenging balance, organizations often fail to realize their strategic objectives and end up doing away with the systems resulting in loss of competitive advantages.
Types of Security Issues in Organizational IT Systems
The number of types of security concerns has increased over the years due to the development of technologies that are easily adaptable by malicious individuals. With every technological development, there emerges a security threat that directly affects the information technology system of the organization. However, there are some common ones, which are crucial to organization security and should therefore be emphasized in the development of security protocols in the organization. The first type of security concern is identity theft. Identity theft occurs where a malicious individual unlawfully obtains and utilizes personalized information of another individual for personal and illegal gains. This type mostly affects the employees and customers of the organization. In this case, the malicious individual would unlawfully obtain the identity of the employee and access organizational information, or that of a customer, and acquire goods or services illegally at the expense of the victim (Hossain, Fotouhi, and Hasan, 2015).
Another type of security issue is physical security of information technology assets. This type is more concerned with the security of the organizations physical assets that are used in the information system. These include physical theft of hardware equipment, and use of malicious software to cause a malfunction in the hardware. The organization puts in place physical access controls in order to prevent the security type from occurring. Another type of security concern is information theft. This concerns the malicious and unlawful access or use of data belonging to the organization. Such unlawful use can include passing of the information to unintended users, spamming, or corporate espionage. In such cases, the organization makes use of physical and parametric access control strategies to restrict access to organization information. The last type is sabotage, a recent and potentially dangerous security concern. Under this type of security issue, the malfeasant takes control of the operations of the organization, preventing access to the system by all users. From the descriptions, it is evident that all the types prevent the organization from achieving their strategic objectives and should be identified and mitigated (Hossain, et al, 2015).
Importance of the Concept
Understanding security concerns of organizational IT systems helps in increasing the effectiveness of strategy implementation. Managers are required to identify security issues in the organization in order to develop ways through which they can be mitigated. In the absence of such an understanding, it becomes difficult to navigate the changing technology environment. Another significant importance is the benefit to policy makers who develop regulations to determine the operation boundaries of the organization. Understanding the concept of security issues helps policy-makers to develop laws that criminally bind individuals to restrictions of posing security threats to the organizational IT systems. Following from the policies established, the determination of wrongdoing becomes possible for the individuals. With increased reliance on the use of information technology systems for business and organizational transactions, the importance of learning and understanding security issues becomes pertinent to the success of the organization. This is because, lack of such knowledge may result in failure to adhere to regulations and exposure to security risks, both instances of which affect the effectiveness of implementing organizational strategies.
Example of Security Issues
A perfect example of security issues in organizational IT systems is the case of Yahoo! customer data leaks in 2013, which resulted in illegal access to the accounts of over 3 billion customers by a hacker. In this instance, the organization put information technology systems in place to collect customer information, store such information, and disseminate the information efficiently and effectively. While the data had all the features of data integrity including protection of access by other users and organizations without consent, there was a breach of security. The type of security issue at hand was information access, which resulted to loss of trust in the organization. The organization lost a large percentage of its business to its competitors due to the impact of the security issue on the organizations IT system. This is an indication that, even for technology leaders, security issues are still challenging and understanding how they can be mitigated is essential for the success of the organization (Trautman and Ormerod 2016, p.1231).
The purpose of
this essay was to discuss security issues in organizational IT systems. The
paper commenced by defining security issues in organizational IT systems.
Thereafter, a discussion of the application of the concept in the business
organization was presented, following with an analysis of the advantages and
disadvantages of the concept. The paper then gave the types of the concept,
importance, and an example demonstrating the impact of the concept on business
strategies. It has become apparent from the discussion that one of the most
challenging elements of security issues in IT systems is the dynamic nature of
the systems. Organizations need to keep innovating new ways through which
security issues can be addressed or miss the strategic advantages of the
concept. Understanding how the concept affects the organization also helps in
the prediction of future policy outcomes ensuring adherence that is more effective.