Information Systems for Managers

Internal Assignment Applicable for April 2022

Question 1:

Introduction: Technology is getting more evolved by the day. To keep up with this fast-
moving technological revolution many companies have begun providing services online. But
with doing business online poses some serious threats to organizations, especially banks.
Banks are becoming a favoured target for cybercriminals due to the nature of their business
and the type of data stored with them. The threats to security threats posed to the banks vary
in intensity and severity of their consequences, ranging from some being a minor
inconvenience to others causing serious financial damage and hurting the bank’s goodwill in
the market. To avoid these banks, invest heavily in strengthening their cyber security and put
strong methods and procedures in place.
Concept: There are many cyber threats faced by the banks, some of the serious ones are:
1. Data Breaches: Data breach is an event when attackers break through a company’s
cyber security and steal sensitive and confidential data. This threat has more severe
consequences if suffered by a bank because the bank stores the personal information
of its users, such as their name, address, nominees and their details, contact
information, financial status, credit reports, and other extremely sensitive information.
These types of data breaches are harmful in themselves but they can lead to more
serious threats such as identity theft, fraud, financial crimes, physical crimes, etc.
2. Software and data policy non-compliance: Banks have very critical data that needs
protection and their operations also need to be kept running smoothly, to ensure this
there are many regulations, revolving around how financial software and data should
be managed and used, that have been put in place to which the banks have to comply
mandatorily. Sometimes the banks overlook some compliances, and this negligence
poses serious threats as it opens the bank to many kinds of cyber attacks that can
cause serious financial losses. Missing out on compliances also invites heavy
penalties from the regulatory bodies and harms the reputation and goodwill of the
bank.
3. Unforeseen Outages: Banks heavily rely on technology to deliver their services any
outage due to technical failure can have bad consequences. An outage can be caused
by a system failure or a cyber-attack but in any case, the bank loses its business
during the outage and suffer financial losses. Also, outages can cause data loss and
disrupt business. To mitigate these banks have data recovery and disaster management
plans in place, data is backed-up regularly and redundant systems are implemented.
4. Insider threats: An insider threat occurs when members of an organization who have
the authorization to access an organization’s internal network and critical systems,
intentionally or unintentionally misuse that access and it impacts the organization's
critical data or systems negatively. Insider threats are the most common but the most
 difficult to manage, threats to banking organizations. In most cases, low-impact
threats from the insiders occur due to the carelessness of employees and are caused
when they make a mistake. It can be accidentally disclosing confidential information
outside the organization, accidentally inserting a USB drive with malicious software
in a critical system, or using a weak password on a privileged access account.
Sometimes this poses a serious threat when someone from inside the organization acts
against the organization with malicious intent. These bad actors can cause serious
damage because they have intricate knowledge and access to the system.
5. Phishing attacks: Phishing attacks uses social engineering to trick users into giving
up confidential information such as names, addresses, login credentials, credit card
information, and other financial information. Phishing attacks are conducted by
sending out fake emails that look like they're coming from trusted sources, such as
banks, friends, family, and colleagues. In phishing attacks, the main focus is to get
users to take some action, such as clicking on links in emails, redirecting them to fake
websites that ask for their personal information, or installs malware on their devices
without their permission.
Conclusion: There are serious security threats to institutions like banks and they can cause
extremely serious problems, but the risk of being affected by such threats can be minimized
by following good and effective digital practices such as:
1. Train your staff: To launch an effective cyberattack on an organization the attacker
needs information about the organization and often they try to trick the employees
into revealing sensitive information about the organization by using phishing attacks.
This can be minimized by properly training and educating your employees to comply
with the organization’s security protocols and, identify and protect themselves from
phishing attacks.
2. Keep all your software and systems updated and on the latest versions. This prevents
the attackers from exploiting known vulnerabilities in older versions of the software
as the software vendors patch those vulnerabilities in newer releases.
3. Install firewalls for critical systems, the firewalls help in keeping unwanted traffic
away and only legitimate systems get access to the critical systems. They act as a
deterrent for cybercriminals.
4. One of the very important activities to be performed in order to protect data is back-
ups. All-important data should be backed up regularly and stored offsite. It helps
recover quickly in the event of a cyber-attack and reduces the impact enabling a
business to resume services quickly.
5. Access Management is a very essential step in cyber security. Access to critical
systems should be only given to the employees who absolutely need it to perform
their jobs, in fact, no employee should have any access they don’t need. This protects
an organization from insider threats.

Question 2:

Introduction: Electronic governance or e-governance is defined as achieving the objectives

of governance using Information and Communication Technology (ICT). The government
uses technology to provide government services, facilitate the exchange of information, boost
communication, and integrate various systems to properly deliver and achieve the governance
goals. E-governance helps to build trust and transparency between the government and its
citizens by employing innovative and creative methods. The goal of the e-governance models
is to increase communication between the government and the citizens. One example of a
successful e-governance scheme in India is the Bhoomi Project introduced by the Karnataka
state government. The Bhoomi project aimed at delivering Land Records online. Under the
Bhoomi Project, over 20 million rural land records were digitized and delivered to 6.7 million
farmers of Karnataka. The success of the Bhoomi project led to the formation of the Bhoomi
system for online land records.
Noteworthy features of the Bhoomi project and the benefits that were derived from it
includes:

1. Production of digital a copy of the land records.

2. The RTC can be obtained by just using the landowner’s name as the rest of the information
is already available with the system.

3. The Bhoomi project provides a forum to submit land dispute documents.

4. The process for applying for mutation requests for sale or inheritance can be done online
using the Bhoomi portal and also the status and progress can be tracked.
Conclusion:
The introduction of the Bhoomi project led to faster operations as it provided facilities for the
landowners to apply for loans or disputes register disputes without much paperwork.
Therefore, it can be concluded in this case that, introducing e-governance promoted
transparency and trust between the citizens and the government.
Question 3: