As we all know, a disadvantage of using information systems is that sometimes vital information can be lost. Over the years, methods have been put in place to reduce threats to information systems.
There are four approaches that can be taken to prevent risk: containment, deterrence, obfuscation and recovery. I will explain each of these separately.
Containment is controlling access to an I.S. By giving the impression that files within the I.S have little value, risk of losing this information is reduced. Another way would be to increase security and upgrade regularly to stop hackers from intruding. If benefits from retrieving the information are less than the time and effort put into actually getting it, most hackers will avoid it.
Deterrence is punishing intruders. Regular advertising about the consequences of intruding will discourage hackers. Predicting the most likely risks means security can be put in place to avoid such risks from occurring, for example anti- virus software for the risk of viruses.
Obfuscation means hiding certain assets of the business so risk is limited. This involves monitoring more aspects of the business than just the information systems. This therefore provides protection against other threats which may exist, such as theft. It is a better method of managing risks than both containment and deterrence. Regular updates of software, hardware, security, etc, can reduce risk as we can keep an eye on whats happening constantly. Spreading assets across several locations puts intruders off, and means that risk is reduced if an intrusion does occur.
Recovery is the fourth method. This involves ensuring that the information system recovers quickly in any case of disruption to the system. The key to this form of risk management is planning. Emergency procedures must be in place for when things go wrong. Some firms have backup programmes in place also, to further reduce risk from having a major effect on business.
It is important that for the future of information systems to be successful, security measures must be put in place to minimise risk and to ensure businesses can function properly when hackers surface.
For more information please follow this link: http://www.promeng.eu/downloads/training-materials/ebooks/business-information-systems.pdf