According to O’Brien and Marakas (2005), a system is “a set of interrelated components, with a clearly defined boundary, working together to achieve a common set of objectives”. Physical, biological, technological, and socioeconomic systems are examples found in the physical and biological sciences, in technological disciplines, and in human society.
Hence, an information system (IS) can be “any organized combination of people, hardware, software, communications networks, and data resources that stores and retrieves, transforms, and disseminates information in an organization” (O’Brien & Marakas, 2005). In other words, the term information …
According to Loch et al. (1992), threats denote "a broad range of forces capable of producing adverse consequences" (p. 174). In the context of information systems, a threat creates risk by introducing the probability that a force will act adversely on the system. Moreover, a threat can be considered from diverse perspectives: internal/external, human/non-human, intended/unintended, and so on (Loch et al., 1992).
In their report, Berson, Kemmerer and Lampson (1999) state that information systems and networks are subject to four generic vulnerabilities: unauthorized access to data, clandestine alteration of data, identity fraud, and denial of service.
Firstly, unauthorized access to data consists of surreptitiously obtaining sensitive data or information that could be used against the interests of the organization. Furthermore, an unauthorized access that goes unnoticed can cause more damage, because no countermeasures can be taken. Secondly, clandestine alteration of data can be described as covertly modifying data in order to disrupt the execution of a plan. For example, an alteration of market information could lead the organization to a wrong decision about manufacturing a product. Thirdly, identity fraud is defined as illicitly posing as an authentic user, which can allow an intruder to issue false information, make unauthorized commitments, or alter the organization's database to his advantage. Finally, denial of service (DoS) denotes denying or delaying access to information or services, especially for time-critical tasks. For example, attacks that make sales information unavailable could delay planning for production.
According to Kevin and Chris (2001), as cited in Azrina and Othman (n.d.), denial-of-service attacks are classified into three categories:
Destructive attacks, which annihilate the function of the device, such as erasing or altering configuration information or interrupting the power supply.
Resource consumption attacks, which degrade the device's ability to function, such as establishing several connections to the same device simultaneously.
Bandwidth consumption attacks, which outstrip the bandwidth capacity of the supporting network. Hence small-bandwidth networks, when targeted, may be affected by simultaneous bandwidth consumption.
Distributed denial of service (DDoS) is a combination of DoS attacks performed from innumerable sources in order to hinder the operation of the target device. As a consequence, DDoS cannot be prevented merely by filtering source Internet Protocol (IP) addresses, since it is instigated from a multitude of points.
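The distinction between a resource consumption attack from one source and a distributed attack from many is what makes source-address filtering insufficient, as the passage above argues. The following is an added example (not code from the essay or from the cited authors) that illustrates this from a defender's side: it parses constructed connection log lines in a hypothetical format, counts new connections per source and in aggregate within fixed time windows, and shows that a per-source threshold isolates a single-host flood but yields no address to block when the same volume arrives from hundreds of hosts, where only the aggregate count reveals the attack. The log format, the window size and both thresholds are assumptions chosen for the illustration.

```python
"""Added example: per-source versus aggregate connection-rate detection.

Log format, thresholds and sample data are all constructed for this
illustration; they are not from the essay or from any real product.
"""
import re
from collections import Counter, defaultdict

# Hypothetical log line format: "t=<seconds> event=connect src=<ipv4>"
LOG_RE = re.compile(r"^t=(?P<ts>\d+) event=connect src=(?P<src>[\d.]+)$")

WINDOW_SECONDS = 10      # fixed window used to group events (assumed)
PER_SOURCE_LIMIT = 20    # max connections per source per window (assumed)
AGGREGATE_LIMIT = 200    # max connections from all sources per window (assumed)


def parse_log(lines):
    """Return a list of (timestamp, source_ip) for every well-formed line."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((int(m.group("ts")), m.group("src")))
    return events


def window_counts(events, window=WINDOW_SECONDS):
    """Group events by window index and count connections per source."""
    per_window = defaultdict(Counter)
    for ts, src in events:
        per_window[ts // window][src] += 1
    return per_window


def assess(lines):
    """Classify each window as resource-consumption (one or a few sources
    exceed the per-source limit) or distributed (no single source stands
    out, yet the aggregate exceeds the limit). Quiet windows are omitted.
    Returns a list of (window_index, label, offending_sources)."""
    findings = []
    for w, counts in sorted(window_counts(parse_log(lines)).items()):
        offenders = sorted(src for src, n in counts.items() if n > PER_SOURCE_LIMIT)
        total = sum(counts.values())
        if offenders:
            findings.append((w, "resource-consumption", offenders))
        elif total > AGGREGATE_LIMIT:
            findings.append((w, "distributed", []))
    return findings


def sources_to_block(lines):
    """Addresses a source-IP filter could act on. Empty for a distributed
    attack, which is exactly the limitation the essay describes."""
    blocked = set()
    for _, _, offenders in assess(lines):
        blocked.update(offenders)
    return sorted(blocked)


# Constructed samples (documentation-range addresses, RFC 5737):
# 300 connections from one host within the first 10 seconds.
SINGLE_SOURCE_LOG = [f"t={i // 30} event=connect src=203.0.113.7" for i in range(300)]
# 300 connections in the same window, spread over 250 hosts (1-2 each).
DISTRIBUTED_LOG = [f"t={i // 30} event=connect src=198.51.100.{i % 250 + 1}"
                   for i in range(300)]
# 50 connections over 50 seconds from five hosts: ordinary traffic.
BENIGN_LOG = [f"t={i} event=connect src=192.0.2.{i % 5 + 1}" for i in range(50)]


if __name__ == "__main__":
    for name, log in [("single-source", SINGLE_SOURCE_LOG),
                      ("distributed", DISTRIBUTED_LOG),
                      ("benign", BENIGN_LOG)]:
        print(name, assess(log), "block:", sources_to_block(log))
```

Running the module prints one line per sample: the single-source flood is labelled resource-consumption with one address to block, the distributed sample is labelled distributed with nothing to block, and the benign traffic produces no finding. In practice the aggregate signal would feed rate limiting or upstream scrubbing rather than a per-address block list.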
To overcome the vulnerability of information systems and keep them in well-functioning condition, experts must guarantee preliminary security requirements such as data confidentiality, data integrity, system availability, and system configuration.