Sunday, December 8, 2019

Case Study of the Verizon Wireless Organization-Free-Samples

Question: Make an IS report on the entire case study of the Verizon Wireless organization of the United States. Answer: Introduction Information system is the particular organized system that helps to collect, organize, store as well as communicate and operate all types of data or information. It can also be defined as the group of elements or components that help any organization to execute any type of data operation and thus making it absolutely safe and secured (Laudon and Laudon 2016). It is the specific type of computerized database which is run by the organization. There are some of the most dangerous risks present in any information system. The following audit report outlines a brief discussion on the risks of information system in the case study of Verizon Wireless organization. Background of the Case Verizon Wireless organization is the most popular and recognized company, which mainly operates in the United States of America. It was founded in the year of 2000. It serves all kinds of wireless products or services to its customers (Fox News. 2018). It is the subsidiary of the Verizon Communications that has around 149 million subsidiaries. The organization has its headquarters in Basking Ridge, New Jersey. This organization mainly operates the national 4G LTE network and thus covering around 98percent of the total wireless service provider. The most significant and important services of Verizon Wireless organization mainly include LTE Internet connectivity and the extremely high speed Internet service with restricted broadband options and the connectivity is up to 20 Wi-Fi enabled devices (Fox News. 2018). Apart from these, television and telephone services are also provided by this particular organization of Verizon Wireless. The most reason for the exclusive growth and development of the Verizon Wireless organization is their information systems. The data or the information of this organization is stored in the information systems and thus they have the ability to retrieve their data from the databases easily and promptly. The important advantage that Verizon Wireless enjoys from their information system is the easy operation of all the data and information (Laudon and Laudon 2015). Moreover, they can easily manage and control all the activities of their employees. However, these information systems are often prone to various types of threats and vulnerabilities and have the high chance of getting the data or information exposed to the world. Although, there are few mitigation techniques for controlling all the risks of the information systems. In July 2017, the information system of Verizon Wireless was leaked and all the necessary data were leaked. The information mainly comprised of the account details of 14 million customers. It also consisted of personal details of the customers, such as the name, contact details and addresses (Fox News. 2018). The entire world was shaken with this data breach. They were leaked on the cloud. The non configuration of the cloud based repository file was the major reason of this data breach. NICE Systems was the owner of that cloud based software. The information was accessed through S3 bucket of AWS (See Appendix A). IS Risks NICE Systems was the third party vendor of the telecommunication organization, Verizon. Since, the cloud repository file was not configured; the information system was breached (Demir and Krajewski 2013). These risks were extremely vulnerable for the information systems of the organization as they were not able to identify them in the beginning so that they would be able to mitigate or stop them on time. The main problem that Verizon Wireless faced during the security breach was the lack of data mitigation strategies. There were several important risks in the case study of Verizon Wireless (Von Solms and Van Niekerk 2013). The most significant risks of this particular organization with their level of security as well as the implications are given below: Serial No. Information System Risks in Verizon Case Study Description of the Risks Level of the Risk Identified Implications of the Risks 1. Lack of Cyber Security Policy This was the most significant risk in Verizon case study. The organization did not comprise of a cyber security policy and thus the IS was vulnerable to risks (Wang and Lu 2013). High i) The employees did not have the idea of cyber security. ii) Partners stealing the credentials. 2. Lack of Encryption The data or the information was not encrypted and thus there is a high chance that the data was lost. High The hackers hacked all the data or information. 3. Lack of Monitoring Database The organization did not monitor their database and thus was exposed to the world (Hahn et al. 2013). Medium The database was obsolete of this organization and thus was breached easily. 4. Lack of Antivirus Software The information system did not have antivirus software. Medium The data or the information got easily breached as they were not protected (Elmaghraby and Losavio 2014). Audit Plan, Objectives and Procedures The audit plan of the organization of Verizon Wireless is as follows: Identification of Audit Engagement Defining Report Requirement Conflict in the Interest Assessment (Sou, Sandberg and Johansson 2013). Assessing the Risks Accessing the Database, Vital Records and Documents. The specific process for maintaining the audit within the organization of Verizon Wireless is given below: Notification to all Employees. Discussing the Scope as well as Objectives Gathering Information on Vital Processes (Wells et al. 2014). Evaluating the Existing Controls Executing the Audit Plan The objectives and procedures of audit in this organization are as follows: Serial No. Audit Objectives Audit Procedures 1. Training employees about cyber security policies Auditing the information systems of the employees and verifying the fact that they are not used for any illegal acts 2. Imposing strict laws for any type of illegal activities Verifying whether all the employees are following all the rules and thus securing the information systems (Razzaq et al. 2013). 3. Checking whether the database is obsolete or not. A technical officer should be appointed, who can check all the databases regularly and thus maintaining security. Audit Questions and Documents The various audit questions and documents in this case study are given below: Do the employees follow cyber security policy? Are all the procedures and specifications controlled? Can employee identify which documents cover audit or inspection? Do employees know what the most current revision of the document is? Is the database perfect for the organization? Is the data or information encrypted or not? What are the measures taken for controlling cyber security? How to monitor as well as track the activities of the employees? Control Recommendations Serial No. Controls 1. Implementing security policy within the organization. 2. Data or information should be encrypted before sending or receiving (Jouini, Rabai and Aissa 2014). 3. Regular monitoring of database for assuring lack of obsoleteness. 4. Installing antivirus in all the sectors so that breaching is stopped. Conclusion Therefore, from the above discussion it can be concluded that information system can be defined as the specific organized system, which is responsible to help in collecting, organizing, storing, communicating as well as operating any type of information or data. It can also be defined as the set of components or elements, which help all organizations or company in executing all types of operation in data and hence making it absolutely safe and secured. It is the specific type of computerized database which is run by the organization. There are some of the most significant threats and risks present in all the information systems. The above audit report has outlined a detailed discussion on the threats or risks of information system in the case study of Verizon Wireless organization. The audit plan, objectives or procedures are also given here. References Demir, I. and Krajewski, W.F., 2013. Towards an integrated flood information system: centralized data access, analysis, and visualization.Environmental Modelling Software,50, pp.77-84. Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety, security and privacy.Journal of advanced research,5(4), pp.491-497. Fox News. 2018.Verizon data breach: 14 million customers reportedly exposed. [online] Available at: https://www.foxnews.com/tech/2017/07/12/verizon-data-breach-14-million-customers-reportedly-exposed.html [Accessed 11 Apr. 2018]. Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid.IEEE Transactions on Smart Grid,4(2), pp.847-855. Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems.Procedia Computer Science,32, pp.489-496. Laudon, K.C. and Laudon, J.P., 2015.Management Information Systems: Managing the Digital Firm Plus MyMISLab with Pearson eText--Access Card Package. Prentice Hall Press. Laudon, K.C. and Laudon, J.P., 2016.Management information system. Pearson Education India. Razzaq, A., Hur, A., Ahmad, H.F. and Masood, M., 2013, March. Cyber security: Threats, reasons, challenges, methodologies and state of the art solutions for industrial applications. InAutonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on(pp. 1-6). IEEE. Sou, K.C., Sandberg, H. and Johansson, K.H., 2013. On the exact solution to a smart grid cyber-security analysis problem.IEEE Transactions on Smart Grid,4(2), pp.856-865. Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security.computers security,38, pp.97-102. Wang, W. and Lu, Z., 2013. Cyber security in the smart grid: Survey and challenges.Computer Networks,57(5), pp.1344-1371. Wells, L.J., Camelio, J.A., Williams, C.B. and White, J., 2014. Cyber-physical security challenges in manufacturing systems.Manufacturing Letters,2(2), pp.74-77

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.