Introduction

Businesses have now realized that the security of their information could make or break their organization. For this particular paper, the discussion will be limited to the security threats and risk factors associated with baby products production.

Vulnerabilities of the system

Potential of external and internal threats

Information systems have become highly complicated. Consequently, there is a need to establish a comprehensive approach to deal with external threats. One of the most common yet dangerous external threats is the issue of hacking. Since the company places considerable information about its clients and itself in its information system, chances are that unauthorized persons may gain access to these pieces of information. (Borodzicz, 2005)

External threats may occur in the form of domestic or foreign competitors to the baby products company who may be interested in finding out trade secrets that would enable them to get ahead of the baby products company. In other circumstances, information brokers who operate on a freelance level may do this kind of thing in order to benefit financially from the endeavor. In other circumstances, it may be that there are hackers who engage in unauthorized entry of computer systems for fun. In certain instances, this may be out of malice from persons with some psychological problems. Common thieves may also break into the company's information systems so as to steal laptops or computers and sell them for profit.

External threats require a lot of attention owing to the fact that the internet brings with it a lot of opportunities for hacking. In this regard, the internet was created in such a manner that it did not consider the issue of security. There are intricate networks that are connected and there are numerous ways in which these systems can be interjected. Matters are also made worse by the fact that intruders can remain anonymous while doing some of the things that are related to information systems. It should also be noted that due to automation of systems, it is now possible for hackers to get into the baby products system without possessing serious knowledge about it. Consequently, care should be taken by this company to guard against unauthorized entry because it provides hackers with low cost and low risk activities that have the potential to provide high gains to the affected person. The baby products company should therefore watch out for this type of risk. (Gorrod, 2004)

While internal threats receive little if any attention, research has shown that their occurrence has the potential to create greater losses to companies owing to the position of the offenders. Consequently, the same thing can happen to this particular company. Internal threats to security may emanate from disgruntled employees who may want to get back at leaders of the organization. In other circumstances, employees may simply be dishonest and may be interested in advancing their financial or career positions through unscrupulous means. It should be noted that this kind of security threat to information systems may be carried out through authorized access. The baby products company is in danger of dealing with any of the following forms of internal attacks:

- Financial fraud
- Sabotage of networks
- Denial of service to clients
- Theft of proprietary data and information

Insider threats in this regard may be seen through any of the following routes and they may include the compartmented unauthorized entry of computer systems. In other scenarios, this could be seen through the process of surfing in classified libraries. The latter may apply to the baby products company through the browsing of supplier-related websites. Additionally, it may apply to processing and storing classified information on systems that have not yet been approved by the authorities.

Natural or unintended events that can jeopardize the system

There are a number of occurrences that can ruin the information system for the baby products company. The first could lie in the type of software being used by the company. In this regard, a problem may arise out of the design of the software being used. This usually means that the system is not protected from vulnerabilities associated with the system and this may prove to be difficult for the company. Such a scenario may be an intended consequence of choosing an operating system that is low on security. Because the use of high proof security software could prove to cause slow progress within the company, it would be advisable for one to consider another mechanism for handling this scenario.

It should also be noted that there are certain circumstances in which the coding information can be messed up. For instance, in the case that a language such as C++ or C is being used, the baby products company could experience integer overflow, buffer overflows and code injection, among other issues. (Gasser, 2005)

In certain circumstances, system malfunctions can occur at any one time. This usually means that the main server within the company may malfunction, and chances of these occurrences are quite unpredictable. Besides this, there may be instances in which hackers may choose to enter into the computer system of the baby products company, especially when there are flaws within the system's encryption system.

Levels of security that are appropriate to secure the information system while allowing maximum amount of uninterrupted work flow

The company under consideration is one in which production continues on a twenty-four-hour basis. Consequently, the use of certain extreme security measures may slow down work. The company should begin by implementing some of the basic forms of risk management for information systems.

First of all, passwords should be protected because passwords allow users the ability to either change, destroy or merely use the company's information. Consequently, the company under consideration must do any of the following: it could attempt to protect the accounts of the administrator and the people using it so that no one can engage in unauthorized entry, by using rare passwords. This system should also be backed up by frequent changes to the passwords. Employees should also be prevented from sharing passwords or information about them with one another.

The next step in implementing security within this company is through the use of proper software. Software can be vulnerable to attack when there are no mechanisms for installing new versions. In certain circumstances, this can occur automatically. However, in cases where this is not the case, the software vendors of that respective company need to be checked from time to time to ensure that they adhere to those operations. (Scheier, 2006)

Antivirus software is another way in which threats can be minimized and this could be done through the installation, operation and update of the antivirus. In relation to the latter approach is the minimized use of the root or the administrator account, which could lead to vulnerability to all the systems.

Lastly, the company should also look for ways in which it can minimize phishing through user education. Employees should know that no reputable company would require the passage of confidential information such as security numbers through email and this signifies phishing.

Conclusion

Given the circumstances under which the company is operating, installation of certain stringent safety measures may disrupt workflows. Consequently, in order to deal with some of the risk factors, the company should instate basic safety measures such as the use of and update of good software, password protection, installation of good antivirus and protecting the company against phishing.

References

Borodzicz, E. (2005): Crisis, Risk and Security Management; Wiley Publishers
Gorrod, M. (2004): Risk Management Systems; Palgrave Publishers
Scheier, B. (2006): Digital security in a networked world; Pocket Books
Gasser, M.