Since the society has become progressively dependent on networks for business, the management of company’s information online has developed into an issue to be concerned. AIS, which is short for Accounting Information System, is not merely related to accounting information management as the business develops around the world.
In the various explanations of AIS in the Lecture 1, p12130 Accounting Information System, presented at the University of Nottingham Ningbo by Trevor Bayley, Vaassen (2002) defined AIS as provides information for decision-making and accountability to internal and external stakeholders providing the right conditions for decision making and ensures that no assets illegitimately exit the organisation. In terms of practice of business by networks, the security of information is important. This essay will first describe a related News story.
Then, several ways of illegally getting access to essential information by hackers will be provided. Moreover, considering the formation and reality of network business, the essay will analyse how to guarantee the security of a company from two aspects, externally and internally. Finally, a brief conclusion will be provided. Reported by BBC News (2011), hackers, who targeted crucial information of oil exploration and bidding contracts, have penetrated the networks of at least five oil and gas firms for years.
These penetrations started in November 2009 and are estimated to have touched a dozen multinational oil, gas and energy companies. Revealed by Greg Day, the director of security strategy at McAfee, cyber-attacks are more likely to invade the networks that are established by code and tools easily accessible on the internet. It is analyzed that hackers first control the external server of a company’s website in order to have access to internal networks.
Once the previous work done, hackers will make the internal network settings paralyzed for the purpose of obtaining sensitive documents, proprietary production data and other useful information. As a matter of fact, companies with website, containing important trade information and treasured IT properties, can be attacked by disaffected employees, hackers, competitors, industrial spies and so on. According to the news story reported by BBC (2011), at least five oil and gas firm have been invaded through the network for years, which denotes one of the computer fraud and abuse technologies, hacking.
The shocking news has reminded the author of the essay to consider what to do to protect company information. It is defined by Romney and Steinbart (2009) that ‘hacking is the unauthorized access and use of computer system, usually by means of a personal computer and a telecommunications network’. Several ways are being used by hackers to get access to computer for different purpose. War dialing is the means that hackers can break into the PC in connection with dial-up modem. As for war driving, it is an approach specifically focusing on unprotected wireless networks.
In addition, hackers can use botnet, named from robot network, to hijack the unwitting PCs, which is the action of controlling victim’s computer to perform illicit activities (ibid). These are mainly methods of hacking known around the information technology world. For Protecting Company’s business trade through the network and sensitive information of transactions, clients, and staff etc. , it is necessary for companies to implement relative measures. Confidentiality, integrity and authentication or availability are main technical areas that should be considered of computer security.
Explained by Kinkus (2002), confidentiality concerns about secrecy or privacy, meaning that information can only be accessed by authorized identities, while integrity is based on the protection against unapproved modifications which cannot be discovered by the authorized users. Authentication is defined as users of computer are who they entitled to be and Availability can be simplified as that information is available to authorized identities. Based on the three areas mentioned before, anti-virus software, virus-detection software and firewall are fundamentally needed.
Besides, the IT department should update its technology support timely and constantly. In views of how the network can be attacked by hackers, the process of the constructing a network of a company should be reviewed. First of all, when a website is being designed, the developer should ensure the script of the website is perfectly planned and repeatedly tested, not leaving any type of loop-hole for hackers to obtain confidential information of the company. In the second place, the users of network should carefully handle their crucial information.
Raines (2008) claimed that majority of cybercrimes are caused by the reason of users iving their information to unverified websites. To consolidate the precaution of users about cybercrime, an awareness may better be established that computer virus can guide itself into a computer with great ability without being discovered (ibid). Pay attention to all aspects of computer security, insider threats to information occupies a significant place. Although outsiders, for example, hackers, are generally regarded as a big threat to a company, the company staffs are actually putting a greater risk for security of company information.
In the perspective of Shaw et al (n. . ), increasing dependence on information technology enhance the reliance on technology workers who are involved with design, maintenance and operation of network system, leading to growing vulnerability to cyber-attacks. Learning from Lecture 8 of the Accounting Information System about Computer Crime and Abuse, the author of the essay relies on the ‘Fraud Triangle’ to analyze how to protect the security of a company’s network from inside threats. According to the ‘Fraud Triangle’, three basic dimensions should be considered, which are pressure, opportunity and rationalization.
Pressure can be divided into financial, emotional and lifestyle pressure. Financial pressure may be the most relevant to committing a computer fraud of an employee. As for opportunity, a disgruntled employee is more likely to perform fraud behaviors when there is a relatively big opportunity of committing the fraud, concealing the fraud and converting the theft or misrepresentation to personal gain. The third dimension of ‘Fraud Triangle’ is rationalization, a sort of psychological comfort that allows perpetrators to justify their illegal actions.
In other words, committed staff will defend for their behavior not as dishonest or crime but as guarding their own rights. On the whole, when a person has high pressure, an opportunity of committing a crime etc. and can rationalize personal feeling of integrity, the fraud behavior may be performed. Therefore, Fraud behavior can be prevented on condition that one or more of the three dimensions are eliminated or minimized. For the pressure element, it is fairly difficult for a company to alleviate staff’s financial, motional and lifestyle pressure to a large extent, although company can build a comfortable working condition and an atmosphere of regulatory competition between employees.
In contrast, the elimination of opportunity element can be achieved by some approaches. Implementing a fraud hotline mentioned by Romney and Steinbart (2009) does decrease the opportunity of committing computer crime due to the watch by other employees and improve the computer security of a company. There is a saying that staff who witnessed fraudulent behavior will always face a dilemma.
On the one hand, they feel responsible for protecting company assets and reporting disaffected employees; On the other hand they are reluctant to act as a whistle-blower and will remain silent at last. However, a company fraud hotline, which enables staff report fraudulent behavior anonymously, effectively solves the problem. In views of rationalization, computer ethics should be considered. Computer ethics is defined as ‘the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such a technology’ (Maslin Masrom, 2008).
In the ten commandments of computer ethics mentioned by Maslin Masrom, there says that ‘thou shalt not use a computer to harm other people’, which is the foundation of computer ethics (ibid). Thus, to enhance the awareness level of computer security and computer ethics of staffs in a company should be a goal for a company to achieve. For example, a company may organize workshops or training about computer security and ethics for all the staff, technological specialist and non-technological employees, as a way to emphasize the seriousness of computer fraud.
In conclusion, the information security of a company is threatened more by insiders rather than by outsiders. For the threat from outsiders, such as hackers, company should perform carefulness in the every detail in the process of network construction, operation and maintenance and install useful software. For the threat from insiders, ‘Fraud Triangle’ is helpful to decrease employees’ illegible behavior, especially the element of opportunity and rationalization.
As a whole, the problem of company information security still needs more researches not only about the newly developed information technology but also about how can a company build trust within staff and keep staff loyal to the company.
Read the journal article, “Businesses Seeking Working Capital-Survey. ”https://www.forbes.com/sites/sageworks/2013/04/12/businesses-seeking-working-capital-survey/#292307b034bb Based on the information presented in the article, discuss the following: How should a business use working capital analysis? Which is more important to the short-term lender: the stock of cash or the flow of cash? Is it possible in today’s business to operate with no current liabilities?
Essay Help “>Essay Help