International Journal of Computer Applications (0975 – 8887)
Volume 89 – No.3, March 2014

Information Systems Threats and Vulnerabilities

Daniyal M. Alghazzawi, Syed Hamid Hasan, Mohamed Salim Trigui
Information Security Research Group
Faculty of Computing and Information Technology, Department of Information Systems
King Abdulaziz University, Kingdom of Saudi Arabia

ABSTRACT
Vulnerability of Information Systems is a major concern these days in all spheres: the financial, government and private sectors. Security of Information Systems is one of the biggest challenges faced by almost all organizations in today's world. Even though most organizations have realized the value of information and the part it plays in the success of the business, only a few take adequate measures to ensure the security of their information: preventing unauthorized access, securing data against intrusion and unapproved disclosure, and so on. The impact any business will bear if one of its information systems is compromised or goes down is great; hence ensuring the stability and security of these information systems is of paramount importance to these businesses.

Keywords
Information System, Security Protocols, Enterprise security

1. INTRODUCTION
One of the most important assets of an organization in today's world, with its increasing dependence on technology and the application of IT in almost all spheres of business, is information. It is imperative that an organization manages its information with the utmost care and diligence. The criticality of information can be compared with that of work or capital, and at times it is even greater, since with the advent of technology modern startups are based entirely on information and it is the core product of the business. In reality, the number of organizations that depend heavily on IS (Information Systems) has been increasing steadily over the past few years [1].
The role of Information Systems in the world today is widely accepted; they are at the center of almost all the technology infrastructures supporting critical functions, and this is recognized by researchers in the fields of security and technology [2]. We are aware that the information systems of today are the targets of attack from a variety of sources, ranging from hackers, to cyber terrorists, to viruses on the Internet, to internal employees of the company, or even phishing through socially engineered attacks [3]. The requirements for security in technology have been on the rise ever since the 1970s, and this has led to the development of a great number of security protocols, models and techniques. The development of security tools has also led the international community to pay attention to developing international certifications and standards. In fact, it is so noticeable, as highlighted in [4], that today we can find a number of international organizations that have laid down complex arrangements of standards and benchmarks in the field of information security, and even these standards are constantly updated and changed as required. The growing volume of threats to information systems, and their increasing role in today's setup, is compelling businesses to change their outlook on the security of Information Systems. It is widely recognized that threats are global and permanent in nature. Hiring an IT and Communications (ICT) specialist is now similar to hiring soldiers: simply leaving security to them is not enough. The need for continual improvement of the organization's security framework is being fully recognized by almost all organizations. They have realized that in order to maintain security there must be constant governance of the security processes, and a security culture must be established.
Yet this is easier said than done, as quite a few organizations are still dependent on age-old security standards such as ISO/IEC 17799. These standards were not designed to handle the modern-day complexities and threats of ICT. It is the security standard ISO/IEC 27001 [5] that addresses the concept of the life cycle of a security policy; even then, the sudden changes in the nature and magnitude of the threats experienced by information systems require yet higher and more flexible standards of security, capable of handling today's situation. The present paper is aimed at addressing the security issues faced by information systems by discussing some of the available and proven techniques of defense laid out by the industry leaders.

2. INNOVATIONS AND CHALLENGES – INFORMATION SYSTEMS
Any effort made by an organization to avoid risks and to enable the company to tackle any threat to its existence is classically called Enterprise Security. We need to modify the term to include the newly conceived asset of information within its ambit, so that the system is able to protect information as well, thus giving rise to an amalgamation called Information System Security. There is a close link between information and security, and it is clearly established by the fact that the information of the company is only as reliable as the strength of the security system designed to protect it. If the security system is not effective in protecting the information, there will be a sense of mistrust and uncertainty about the information emerging from that system, and that would definitely not have a positive impact on the business. Conversely, if the company has a strong security system, the information is deemed reliable and it benefits the business from both outside and inside.
The aim of Information System Security is to chalk out a policy for the security of information and to lay down procedures that govern the handling of informational assets, thus achieving integrity, availability, confidentiality and authenticity of the information handled. The following are the principal tasks for any system dealing with Information System Security: