(1) Information systems have become the backbone of most organizations. Most
companies and institutions rely heavily on their information systems. Banks,
online travel agencies, tax authorities, and electronic bookshops can be seen
as IT companies, as can modern supermarkets, given the central role of their
organization systems. A business process describes the flow of work within an
organization. Huge volumes of data accumulate. These data play an important
role in contemporary organizations and must be stored, managed, and processed,
which is where information systems come into play. Business processes and
activities take place in an organizational and technical environment.
Organizations undertake promotional activities and offer their products at
competitive prices to boost sales, but a product that is not available. Sales
and marketing systems are driven by software addressing the product, place,
price and promotion. A delivery system is an information system that supports
the delivery of goods to customers. These systems are used to plan and schedule
when and in what order customers receive their products. These systems support
the flow of money within and between organizations. Enterprise information
systems not only support the production of products; they also support the
design of products. Many organizations aim to automate their business processes.
The various types of enterprise information systems have different
levels of granularity. Organizations large and small, private and public have
come to rely on information systems for their day-to-day operation, planning,
and decision making. Many of the changes can be attributed to information
systems that now operate widely over the Internet.
The business process of a virtual organization is organized according to
models as a basis for workflow between partners. Structured and predetermined
processes require workflow automation and an inter-organizational information
system, which supports data exchange between the information systems of partners
in a virtual organization. The information system controls the responsible
person and the process flow. It needs forms, input, and output data for each
process step. The four building blocks are: networked process – e-business
enabled direct co-operation between partners and organization core process;
business bus – e-business enabled co-operation between partners based on high
level of standardization; electronic services – e-business enabled co-operation
with externalized services; service integrator – e-business enabled co-operation
with new player – information – within business networking. Information systems
(IS) existed in organizations long before the advent of information technology
(IT) and, even today, there are still many systems present in organizations
with technology nowhere in sight. Information systems (IS) are the means by
which people and organizations, increasingly utilizing technology, gather,
process, store, use and disseminate information. Airlines, comparison websites,
banks and some public agencies have systems where no human intervention is
required. People can find it difficult to distinguish between IS and IT because
the technology seems to overwhelm their thinking, obscuring the business
information system that the technology is intended to support or enable. (Yu, 2004)
(2) The history of information security begins with computer security. The need
for computer security, that is, the need to secure physical locations, hardware,
and software from threats, arose during World War II when the first mainframes,
developed to aid computations for communication code breaking, were put to use.
Today, the Internet brings millions of unsecured computer networks into
continuous communication with each other. The security of each computer’s stored
information, as well as a realization that information security is important to
national defense. The growing threat of cyber attacks has made governments and
companies more aware of the need to defend the computer-controlled control
systems of utilities and other critical infrastructure.
A successful organization should have the following multiple layers of security
in place to protect its
Physical security, to protect physical items, objects, or areas from
unauthorized access and misuse.
Personnel security, to protect the individual or group of individuals who are
authorized to access the organization and its operations.
Operations security, to protect the details of a particular operation or series
of activities.
Communications security, to protect communications media, technology, and
content.
Network security, to protect networking components, connections and contents.
Information security, to protect the confidentiality, integrity and
availability of information assets, whether in storage, processing, or
transmission. It is achieved via the application of policy, education, training
and awareness, and technology. (Learning)
Information systems are frequently exposed to various types of threats which
can cause different types of damage that might lead to significant financial
losses. Information security damage can range from small losses to entire
information system destruction. The effects of various threats vary
considerably. Currently, organizations are struggling to understand what the
threats to their information assets are and how to obtain the necessary means
to combat them, which continues to pose a challenge.
Organizations become vulnerable to various types of threats. In fact, their
information becomes exposed to cyber attacks and their resulting damage.
Threats come from different sources, like employees’ activities or hackers’
attacks. Vulnerabilities consist of weaknesses in a system which can be
exploited by the attackers and may lead to dangerous impact. (Mouna Jouini, Latifa Ben Arfa Rabai, May 2014)
Threats are divided into two categories: technical and non-technical.
Data Security Threats to Information Systems
Security Architecture. Network protection results in increased
vulnerability of the data, hardware, and software, including susceptibility to
malicious software (malware), viruses, and hacking. Security architecture is
essential and provides a roadmap to implementing necessary data protection
Client Side Software and Applications. Computers run a variety of
software applications, including older versions.
and Targeted Attacks. (e.g., hackers) target individuals and
organizations to gain access to personal information through emails
containing malicious code; this is referred to as phishing. Once infected emails
are opened, the user’s machine can be compromised.
Web sites. Malicious code can be transferred to a computer
through browsing web pages that have not undergone security updates.
Configuration Management. Weak data security protection measures
that do not restrict which machines can connect to the organization’s network
make it vulnerable to this type of threat.
Devices. Mobile devices, laptops or handheld devices, including
smartphones, are exploding; however, the ability to secure them is lagging behind.
Cloud Computing, Removable media, Botnets and Zero-day Attacks.
Cyber Security Threats to Information Systems:
Insider, Poor Passwords, Physical Security, Insufficient Backup and Recovery,
Improper Destruction, Social Media, Social Engineering. Organization’s
information system and highlights the importance of implementing a broad
approach to data security protection, encompassing both technical and
non-technical solutions. (Center, 2011)
use many different methods
could be computer viruses, worms, Trojan horses, dishonest spyware, and
malicious rootkits, all of which are defined below.
virus: A computer virus is a small piece of software that can
spread from one infected computer to another.
security software: Rogue security software is designed to lure
people into clicking and downloading malicious software.
horse: Trojan horse software simply by downloading an application
they thought was legitimate but was in fact malicious. A Trojan horse can do
anything from recording your passwords by logging keystrokes.
spyware: Malicious spyware is used to describe the Trojan
application that was created by cybercriminals to spy on their victims.
A computer worm is a software program that can copy itself from one computer to
another, without human interaction.
A botnet is a group of computers connected to the Internet that have been
compromised by a hacker using a computer virus or Trojan horse.
in the security context is primarily used to describe email spam, unwanted
messages in the email inbox.
Phishing scams are fraudulent attempts by cybercriminals to obtain private
A rootkit is a collection of tools that are used to obtain administrator-level
access to a computer or a network of computers. (Sanchez, Dec 9, 2010)
impacts of ransomware on business organization. Ransomware threatens to publish
the victim’s data and the organization’s data or perpetually block access to it
unless a ransom is paid. Ransomware may lock the system: it encrypts the
victim’s files, making them inaccessible, and demands a ransom payment to
decrypt them. Ransomware likely came about as a result of both improved
education of computer users and the work of both computer security professionals
and antivirus companies. Ransomware saw the appearance of two new
self-propagating threats in the form of WannaCry and Petya. These caused global
panic, catching many organizations with infections spreading rapidly across
corporate networks.
Ransomware is sent to email addresses, in addition to a growing number of
targeted attacks directed at organizations.
In ransomware attacks involving the compromise of an organization’s network and
infection of multiple computers, data is locked, typically by encryption, and
payment is demanded before the ransomed data is decrypted and access returned to
the victim. The information technology supporting the virtual organization model
is varied, ranging from simple communication technology such as e-mail, fax and
teleconferencing to groupware, videoconferencing and inter-organizational
linkages such as EDI (Palmer 1998). All services mentioned are Internet
Ransomware is a type of malicious software from cryptovirology that threatens
to publish the victim’s data or perpetually block access to it unless a ransom
is paid. Ransomware may lock the system. Ransomware attacks are typically
carried out using a Trojan that is disguised as a legitimate file that the user
is tricked into downloading or opening when it arrives as an email attachment.
Since 2012 the use of ransomware scams has grown internationally. The first
known malware extortion attack, the “AIDS Trojan” written by Joseph Popp in
1989, had a design failure so severe it was not necessary to pay the
extortionist at all. Its payload hid the files on the hard drive and encrypted
only their names, and displayed a message claiming that the user’s license to a
certain piece of software had expired. The money collection method is a key
feature of ransomware. The attacks are in a field called cryptovirology, which
encompasses both overt and covert attacks. The Cryptoviral was inspired by the
forced symbiotic relationship between H.R. Giger’s facehugger and its host in
the movie Alien.
In December 2013, ZDNet estimated, based on Bitcoin transaction information,
that between 15 October and 18 December, the operators of Cryptolocker had
procured about US$27 million from infected users. August 2014 saw the discovery
of a Trojan specifically targeting network-attached storage devices produced by
Synology. In January 2015, it was reported that ransomware-styled attacks have
occurred against individual websites via hacking, and through ransomware
designed to target Linux-based web servers. Some ransomware strains have used
proxies tied to Tor hidden services to connect to their command and control
services, increasing the difficulty of tracing the exact location of the
criminals.
Ransomware to be the most dangerous cyber threat. Mobile ransomware typically
targets the Android platform, as it allows applications to be installed from
third-party sources. While another used a form of clickjacking to cause the
user to give it “device administrator” privileges to achieve deeper access to
the system. In May 2017, the WannaCry ransomware attack, unprecedented in scale,
infected more than 230,000 computers in over 150 countries, using 20 different
languages to demand money from users using Bitcoin cryptocurrency. WannaCrypt
demands US$300 per computer. On June 27, 2017, a heavily modified version of
Petya was used for a global cyber attack primarily targeting Ukraine. The impact
of WannaCry was pronounced in some cases. For example, the National Health
Service in the U.K. was heavily affected and was forced to effectively take
services offline during the attack. Published reports suggested that the damages
caused to the thousands of impacted companies might exceed $1 billion.
Ransomware is known to be delivered as attachments from spammed email, downloads
from malicious pages through advertisements, or dropped by exploit kits onto
vulnerable systems. Ransomware is a subset of malware in which the data on a
victim’s computer is locked, typically by encryption, and payment is demanded
before the ransomed data is decrypted and access returned to the victim.
(4) Organization prepared to at any time. No
organization is too small to come under attack, so it is best to be prepared. Companies
without a plan may waste valuable time trying to organize a core team and put a
strategy in place. Develop a cyber security response plan.
Cyber security breaches are so frequently in the news. A firm or organization
understands how critical it is to have a plan in place.
Once the company agrees that being prepared to respond to a cyber security
breach is imperative, it is time to develop an incident response plan. The goal
of this plan is to manage a breach in a way that will limit damage and minimize
recovery time and costs. To begin, create a designated cyber security response
team comprised of people from various parts of the organization.
a Postmortem Meeting
After a cyber security
breach or drill, host a meeting to discuss what went well and what could be
improved in the future. This will ensure that you are better prepared the next
To familiarize the
incident response team with these steps, drills should take place on a regular
basis. Small scale drills mimicking low-impact incidents and larger scale
drills that prepare the team for a significant attack should take place
annually. Practice ensures that each person who is part of the incident
response plan understands his or her role. (Prepared for a Cybersecurity
Every organization needs
not only a response plan, but also a team that will implement it. So, a key
factor for success will be the support of senior management. Relevant
stakeholders from departments that may be affected by an incident will need to
be included as part of the response team. The technical staff, who will
implement the plan and possess the skills to remediate damage.
feel that every position in the response team needs to be filled by in-house
staff. External expertise should be considered for the specialist skills, and
experience with similar incidents, that can be brought to the team. The
composition of the team also needs to be regularly reviewed.
Teams should adopt the model of: plan, do, check and act.
Plan: Establish objectives, policies and procedures to meet the requirements of
Do: Implement these policies and procedures.
Check: Verify if these are effective at meeting objectives in practice.
Act: Take action to modify plans according to experience gained to refine and
improve. (Symantec)
Cyber Security Top Tips to find
out if your organization is fully protected against a cyber attack.
malware across your organization and protect all host and client machines with
antivirus solutions that will actively scan for malware.
Password Security; May
seem elementary are still extremely important when ensuring that everyone
within your organization understands the implications of not following password
Network Security; A
secure network that is robust enough to protect internal and client data is
essential. It is extremely important to have strong ACLs (access control lists)
on all network devices to prevent breaches by would-be hackers.
Secure Configuration; A
corporate policy and processes to develop secure baseline builds, and manage
the configuration and use of your ICT systems are essential.
User Privileges; The
number of privileged accounts with control access to audit logs should always
be limited and regularly updated. Creating new user accounts, changes to user
passwords and deletion of accounts and audit logs. The danger of not managing
this correctly can mean information falling into the wrong hands.
Incident Management; The
incident management plans (including disaster recovery and business continuity)
all need to be regularly tested. Your incident response team will need
specialist training across a range of technical and non-technical areas to
ensure they are fully prepared to handle any scenario.
Monitoring strategy needs to take into account previous security incidents and
attacks, to contribute towards your organization’s incident management policies.
Removable media policies control the use of removable media for the import and
export of information. Scan all media for malware using a standalone media
scanner before any data is imported into your organization’s system.
Mobile Working; In order to develop appropriate security policies that
fully protect your organization you need to assess the risks to all types of
mobile working. Apply the secure baseline build to all types of mobile device
(5) Employees working in the public sector face ethics and working culture
problems. They are constantly communicating with people, helping them to solve
their problems every day, and informing people about governmental decisions.
When having some contact with employees at a municipality, people judge the
morality and working culture of higher officers and the public institution
according to their behavior. Therefore the ethics and working culture of
municipality employees should be as high as possible. Ethics is important not
only in communication with customers; it is also important internally in the
organization, in the mutual relations between colleagues and
Public officers meet various ethical problems at their work. Ethical
problems might cause various different consequences. Ethical problems might
occur and disappear or have a continuous character.
The aim of the article – to investigate the problems of ethics and working
culture in the public sector.
Research objectives – the problems of ethics and working culture in the public
sector.
Research methods – analysis of scientific literature, analysis of legislation,
survey with questionnaire, statistical analysis of the data, graphical modeling,
specifying, summarizing and
We use notions of ethics, morality, virtue and other similar ones quite
widely. Sometimes we use these notions in the wrong places, and very often we
identify them and use them as synonyms.
The most common problems of ethics and working culture in the public
sector would be the following: trick and lie; gifts, grafts, corruption;
misuse; conflict of interests; sexual harassment.
The ethical and working culture problem quite often met in the public
sector is trick and lie. A trick might be also understood as a purpose or
result seeking selfish interests.
Corruption means actions performed using tenable power, by which the
legal norms, interests of society and accepted norms of morality are breached
and by which personal or group benefit is reached. Corruption is first of all
an ethical and only then a legal or administration problem. Gifts, grafts,
corruption are closely related.
Society especially worries when it becomes clear that official status is
used for personal purposes. The benefit received by the public officer is
evaluated as inappropriate, not ethical and in many cases illegal. Public
officers cannot get direct or indirect financial or other benefit from the official
Raupeliene, Dalia Perkumiene, 2007)
The main property-related political issue concerns the creation of new
property protection measures to protect investments made by creators of new
software, digital books and digital information.
Many new technologies in the industrial era have created new
opportunities for committing crime. Computer crime is the commission of illegal
acts through the use of a computer or against a computer system. Computer abuse
is the commission of acts involving a computer that may not be illegal but are
considered unethical. Privacy is the claim of individuals to be left alone,
free from surveillance or interference from other individuals or organizations,
including the state. (Kenneth C. Laudon, Jane P. Laudon,