INFORMATION SYSTEMS SECURITY
INTRODUCTION
Saudi Telecom Company (STC) is a leading telecommunications service provider not only in Saudi Arabia. The firm has expanded its business to other countries such as Malaysia although their dominance in the Middle East is still apparent despite the market competition. The company operates Jawal and Hatif network systems and various internet services providers like QUICKNET, broadband services as well as television services (Helms, 2019). Their long time vision has been ten to become the Middle East’s leading provider in innovative services and platforms to acquire massive digital transformation. They aim to acquire this by being a leading digital provider of internet services as well as internet and television services. Their mission of being a leading service provider has allowed them to expand their operations from Saudi Arabia to areas such as Sudan in Africa. They managed to link these two regions through the submarine communication system via cabling. Their success has been attained by creating and following a strategic business plan with specified goals (Pearlson, 2019). Their business strategy encompasses values that enable the company to reach great efficiencies as well as helping them prepare for the future market. They set specific goals and use DARE to ensure this is attainable. Digitalize includes transforming the company into a data-driven Organization, Accelerate the main asset performance includes improving data economics; Reinvent the experiences of customers to world-class standards and simplifying customer interactions and Expand which includes the scope of sales covers connectivity and adjacent applications and services (DARE). They have been using these tactics to attain their goals hence their long existence in the market (Alhassan, Sammon, & Daly 2019). This review will be highlighting a major problem that STC has to counter for them to improve their operations. Also, it encompasses the solution to that problem as well as highlighting the benefits that the company will gain by adopting the said solution to counter their technical problem.
BUSINESS PROBLEM. Don't use plagiarised sources.Get your custom essay just from $11/page
Despite its success, the Saudi Telecom Company (STC) has experienced various challenges over the years. Their constant success has attracted many cases of cyber attacks on its website that has constantly affected their operations. Although the company has continued to deny cases of hacking, there have been reports that their web page has been hacked on various instances, something that their spokesman Amjad Shaker denied in 2017. Hacking and cyber crimes are some of the reasons (Raguseo,2018) STC prioritizes their security both in their databases and websites. However, hackers are always coming up with new technological advancements to weaken and invade the system. Coming up with an effective plan to ensure that the database systems of the company are impenetrable should be among the top priority. Hacking of STC database would expose a lot of confidential client information hence violating privacy rights. For such a company to be under constant cyber-attack, their Information Technology team has constantly tried to come up with ways of countering these cyber attacks (Mwambe & Echizen, 2017)
Cybercrimes for STC have been contributed to various reasons. For instance, there is an overwhelming number of hackers trying to extract foreign information from popular sites. The fact that STC’s site has previously proven to be hackable, the site is constantly undergoing online threats. The main contributor to cyber attacks is the availability of online content and new ways of hacking various online systems. Improvement of technological platforms has greatly contributed to the problem and no doubt, if it is not countered, the company is at risk of losing a lot of information to hackers. Companies such as Apple have perfected their cybersecurity and STC being a household name in the Middle East and are targeting to penetrate the international market.
PROPOSED SOLUTION
According to Arduin, & Vieru Information Systems Security includes the various processes and methodologies that are used to keep recorded information easily available, confidential as well as ensuring that its integrity is upheld (2017). These systems ensure that data is protected despite its location as well as pointing out incidences of security breaches and documentation of these events.STC adopting the necessary Information Systems Security would be the best solution to counter any future cyber attacks. With the many clients and individuals viewing their websites and contacting the company, a lot of personal client information is at stake with a penetrable system in place. This covers risk assessment in that the information that is highly at risk will receive more stern security measures. This system would also be applicable in the protection of any form of data even mere phone conversations between the company and their client. It also encompasses various professional security access such as data recovery planning and this will help the telecommunications company continue with their operations even during a major business disruption. There are various assumptions linked to information technology systems. For instance, if an organization adopts these security systems, they might not think that they constantly require upgrades due to the constant upgraded hacking versions. However, many companies are not aware of the existence of these platforms and therefore they put their information at risk (White, Hewitt, & Kruck 2019).
According to Lamba et al, For STC to adopt this strategy, they will be taking a bold risk both financially and security-wise (2017). With the much confidential content in their databases, STC’s adoption of these systems will involve putting a lot of trust in software to take care of their confidential information. Also, new strategies are bound to fail especially when used for the first time in an organization. This is because they had not been counterchecked to prove that they are fit to handle the task. This will also involve a lot of financial risk for STC. Financially the telecommunications firm will have to invest in a lot especially in the training of information systems security. These system securities can be soft wares which are highly expensive and therefore costing the company a lot of money. Despite the purchase of the systems, the Information Technology technical team should be well trained to have prior knowledge of how this system works. Saudi Telecom Company is a well-established entity with a well set Information Technology team. However, Mamaghani observed that any single incident of hacking can cost the company millions in lawsuits and also loss of classified content (2017). For instance, even the payroll of employees that are digitally recorded can be publicly displayed hence causing a menace.
Other alternatives for STC would include ensuring that they adopt a high-security firewall that will ensure that they do not face cyber attacks from online data mining predators (Alshaer, 2019). Without the adoption of a high-security firewall or an effective Information Systems Security, then STC will not only be putting their personal company information at risk but also millions of identities and addresses will be at risk of hacking hence putting the safety and security of their company and customers at risk.
EXPECTED BENEFITS AND BUSINESS IMPACTS
There will be many benefits that Saudi Telecom Company (STC) will acquire from adopting Information Security Systems. Being a large corporation that harbors a lot of personal information, they are at risk from cyber-attacks and therefore finding a way to counter this menace would greatly improve their security systems. All information including company data, personal information, and devices using iCloud will be safe. Importantly, these security systems will improve the ability of STC to be resilient to foreign attacks (Claycomb & Nicoll, 2016). With a proper Information Security Management System in place, a framework in which all the company information will have a central place in which they can easily access and manage. With the evolving technological advancements, STC will have reduced technology-based risks and threats, especially to the less informed staff. The online threats that are constantly evolving will also be unable to affect STC’s operations. A lot of money is also saved through reducing the costs in which the company constantly spends money on defensive technology that probably will not work. Most importantly, this approach not only covers Information Technology but also enables their employees to understand any risks as well as security system controls in conducting their daily activities (Kosutic & Pigni, 2018). All these benefits consequently lead to improved business operations for Saudi Telecom Company. With a proper security system in place, the company will earn customer confidentiality and many clients will feel safe conducting business with the company. This will enable STC to improve its operations and expand to other parts of the world.
ROAD MAP (SCHEDULE AND MILESTONE)
| Understand STC background | Ensure one identifies top organizational goals Identify the strengths and weaknesses of the organization |
| Identifying opportunities to improve. | Classifying online attacks to come up with a measure to curb each. Identify all weak links in the company that can cause cyber attacks |
| Create work initiatives. | Identify all work systems affected by cyber attacks. Work on closing the milestones that affect the business. Work on ensuring that these weak links do not reemerge and disrupt work activities.
|
RECOMMENDATIONS AND CONCLUSION
Saudi Telecom Company should focus on ensuring that they come up with a proper security system for their company’s sake. A proper Information Technology team should be put in place to ensure that they always update company data according to the safest technological means. It is most recommended that STC acquire the latest forms of technology that protects their company software from attacks (Humayed, 2017). Proper security systems are important, especially with evolving cyber technologies.STC will not only be able to improve its operations but they will be able to expand their business to other continents without cybercrime attack fears. Similarly, other major companies such as Amazon which operate internationally have a highly secured firewall and this translates to their tremendous international online business. Similarly, Saudi Telecom Company is bound to increase its revenue once it comes up with ways of countering cybercrimes. Conclusively, just as reviewed above information system security is an important aspect that should be adopted by any company willing to improve and secure their data systems.
References
Alhassan, I., Sammon, D., & Daly, M. (2019). Critical success factors for data governance: a telecommunications case study. Journal of Decision Systems, 28(1), 41-61.
Alshaer, M. M., Al-Akhras, M., & Albesher, A. (2019, April). Security-Aware Deployment of SDN-NFV in TELCOS Networks. In 2019 4th World Conference on Complex Systems (WCCS) (pp. 1-5). IEEE.
Arduin, P. E., & Vieru, D. (2017). Workarounds as means to identify insider threats to information systems security. Association for Information Systems.
Claycomb, W. R., & Nicoll, A. (2016, July). Insider threats to cloud computing: Directions for new research challenges. In 2012 IEEE 36th Annual Computer Software and Applications Conference (pp. 387-394). IEEE.
Helms, J. (2019). Information Systems Security Policy Management: A Literature Review.
Humayed, A., Lin, J., Li, F., & Luo, B. (2017). Cyber-physical systems security—A survey. IEEE Internet of Things Journal, 4(6), 1802-1831.
Kosutic, D., & Pigni, F. (2018). Exploring the Impact of Information Security Practices on Competitive Advantage.
Lamba, A., Singh, S., Balvinder, S., Dutta, N., & Rela, S. (2017). Mitigating Cyber Security Threats of Industrial Control Systems (SCADA & Dcs). In 3rd International Conference on Emerging Technologies in Engineering, Biomedical, Medical, and Science (ETEBMS–July 2017).
Mamaghani, F. (2017). Cost-Benefit Analysis of Information Systems Security. Journal of Academy of Business and Economics, 17(1), 23.
Mwambe, O. O., & Echizen, I. (2017, March). Security Oriented Malicious Activity Diagrams to Support Information Systems Security. In 2017 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA) (pp. 74-81). IEEE.
Pearlson, K. E., Saunders, C. S., & Galletta, D. F. (2019). Managing and using information systems: A strategic approach. John Wiley & Sons.
Raguseo, E. (2018). Big data technologies: An empirical investigation on their adoption, benefits, and risks for companies. International Journal of Information Management, 38(1), 187-195.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs a more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
White, G. L., Hewitt, B., & Kruck, S. E. (2019). Incorporating global information security and assurance in IS education. Journal of Information Systems Education, 24(1), 1.