Web Development Companies In Singapore: Security Essay - Issues And Solutions.

Security Challenges Faced by iPixel

Question:

Discuss About The Web Development Companies In Singapore?

The chosen organization for this research is iPixel, which is a company involved in website development, design and development of graphic designs. iPixel is one of the largest web development companies in Singapore and is now looking to emphasize on the international market. It has been partially successful in stretching their services over the international markets and they have now developed a significant customer base outside of Singapore. This research work is mainly based on the analysis of this particular company to find whether there are any security issues and loopholes in the existing system. Since, the entirety of the work of iPixel is hosted online i.e. the entire development and design processes are done on the virtual interface using virtual and software driven tools and techniques, sufficient cyber security measures are essential in ensuring the protection of different confidential data like the business strategies of the company, transactional details, identities and personal information of the clients and others. Moreover, with the rising number of reported issues of hacking worldwide, it is to be ensured that the company has implemented sufficient cyber security measures to counter any types of attacks. After the analysis of the existing security system at the company, a recommendation system as well as the consequent project planning has been provided in this report. This project plan is aimed at implementing a new information system that will address the security issues that are currently faced by iPixel.

In this report, an analysis has been conducted on the existing information security system of iPixel and a suitable security management plan and ISO plan have been suggested accordingly.

iPixel is a Singapore based organization that deals with development of websites, web contents and graphic designs for clients around the world. Due to the range of their services, it is necessary for them to have sufficient cyber security in order to protect confidential information, client identity and personal details, business strategies and other critical data and information. While analyzing their existing security system, a number of problems and loopholes have been detected. These are listed as follows. However, before proceeding to the different categories of the problems, it should be noted that the source of all these problems is the internet. The reasons are described accordingly.

Business Security – iPixel provides web based solutions to the clients worldwide. Hence, the range of the business area of the company spreads all over the world. As a result, the company must have suitable business strategies and policies in order to provide such services. Moreover, since the services include web based solutions and development, the entirety of their services are hosted online in the virtual interface. Hence, their business security faces significant challenges from the cyber security challenges (Feng, Siu and Zhang 2013). There are numerous web development companies around the world and they might try to access iPixel’s business strategies in order to gain competitive advantage. There may be some hackers as well, who may try to access the business information and sell them to the rival companies for a very high value of money. This is one critical problem iPixel faces and that must be addressed immediately in order to protect all the business related data and information.

Existing Security System at iPixel

Information Security – In addition to the business data, there are also other data and information stored in the company’s cloud server. These data and information include shares of the company owners, investment and loan details, sales records, detailed information of the clients and employees, service history and others (Coronel and Morris 2016). iPixel uses basic security firewall to protect these data and information from cyber security threats but at the current technologically advanced world, this firewall is not sufficient to protect the data from the attacks. The hackers are now able to create strong and malicious files that can even enter a system without even getting detected by the firewalls. Hence, the information security issue must be addressed immediately.

Technical Security – Technical security is another problem area that must be addressed by iPixel in order to protect their business information and data. Technical security mainly refers to the security of physical storage devices as well as the softwares used by the organization for the web developments and solutions (Chang 2016). Most of the softwares used by the company require installation of periodic updates, renewal of license and others. During these operations, some malicious files may enter the system and result in disastrous consequences. Hence, this issue also must be addressed immediately.

Before the suggestion of a new security program, the current security system at iPixel has been analyzed. According to the analysis, it has been found that iPixel is serious about the security threats and has taken active initiatives to protect its server from the external threats. The security measures taken by iPixel include security firewalls, antivirus softwares and others. However, the main issue with this system is that all these measures are short term in nature and will not be any long term solution (Rosemann and vom Brocke 2015). Again, these measures can only fix lower level and random unidentified activities and malwares. On the other hand, with the massive development of information technology in the last 10 to 15 years, there has been a significantly huge development in the hackers’ technology as well. Ten years back, the hacking attempts could have been easily detected and blocked within a short period of time. However, the hackers have developed their dark technology so much that nowadays, most of them enter into a server undetected and when the server finally detects something is wrong, it is already mostly damaged by the malware (Wager, Lee and Glaser 2017). iPixel should consider this seriously and immediately take suitable steps. Currently, iPixel does not even follow any specific is ISO guideline that helps organizations to build up their defenses against cyber security threats. iPixel provides web based solutions and developments to the clients all over the world and hence, they have a very long range of reach in different parts of the world. Owing to the rapid growth of the organization, there may be growing interest of the rivals to bring down their business to maintain their own market competitiveness. Hence, they may as well hire third party hackers to break into the server of iPixel and leak their business data, statistics and strategies. Again, some anonymous hackers may also try to inject ransomwares into the company server so that they can either block secure information and ask for ransom or sell the stolen information to the rivals in exchange for a huge sum of money (Saxton, Oh and Kishore 2013). Both of these are very likely to happen, especially when the entirety of the service works of iPixel are hosted online, and when they occur, the company will have to bear extremely serious consequences that can also lead to shutting down of their business.

Proposed Implementation Plan for New Security System

Following the analysis, the following suggestions are provided for the development of new security system for iPixel.

1. Immediately upgrade all the existing systems with latest hardware configurations and software versions.
2. Appoint a reliable and expert cyber security team who will be able to detect issues with the existing system as well as find solutions to these issues immediately.

• Install the latest softwares and cyber security defenses.

1. Train the employees to realize the importance of these softwares and their roles in ensuring these softwares are always active in all the systems inside the office premises.
2. Develop a significant cyber security defense with the help of security personnel and respective softwares.
3. Install a system monitoring system that will provide regular updates regarding the system condition.

In order to implement the new security system, an implementation plan is required. A proposed implementation plan is as follows.

Project Initiation – The company should consider naming the implementation as a full-fledged project so that every activity is conducted systematically within a specific timeline. For that, the company needs to appoint a project team and prepare a suitable project plan. Accordingly, the company needs to decide on a suitable budget that will be sufficient for purchasing all necessary resources and softwares. This will be allocated to the project team and they will use it to fulfill their duties in the project. After the project plan is completed, the project will be gradually initiated.

Project Execution: Phase 1 – This is the first phase of project execution where the entire system will be analyzed by the security implementation team. They will search for the flaws and loopholes that are existing in the system and will suitable solutions for the problem. After that, the team will use the budget allocated to them to buy necessary resources like hardwares and softwares for the technical upgrade of the current system. It is to be ensured that the hardwares purchased are of latest configurations and the softwares purchased are of the latest versions. The team will install these systems to replace the new one. It is also recommended that the server should changed with new and better internet connection (optical fiber is recommended).

Project Execution: Phase 2 – In this phase, the installation of the hardwares and softwares should be complete and now, the team will check the running of the server and the extent of external security threats it may face. After that, the team will install cyber security softwares that will be useful in countering against external security threats including virus, malwares and others. The team should ensure that the security software is as strong as possible so that maximum amount of attacks can be easily countered.

Project Execution: Phase 3 – In the final phase of project execution, a risk analysis needs to be conducted for suitable risk management measures. The risk assessment needs to cover different sections of the project implementation including hardware risks, software risks, external risks, cloud server risks and others. After all the possible risks are detected, suitable risk management techniques need to be applied so that the risks do not occur during any time in the future.

Project Completion – Before signing off the project as complete, the project manager should evaluate the entire project by reading the project report document as well as getting visual working and demonstration of the system from the project team. After everything has been finalized, the project manager should implement a specific ISO Security Standard that will need to be followed throughout the course of business operations of the company. Moreover, some training sessions will be provided to the company employees so that they learn the value of cyber security and abide by all the rules and regulations set by the chosen ISO security standard.

There are a number of ISO security standards that provide sets of rules and guidelines regarding information security management systems. The ISO 27000 family mainly deals with information technology and information systems. Hence, one of the standards from this family is suitable for application in this particular company. After analysis of all the available standards, the most suitable one is found to be ISO 270001 (also called ISO/IEC 27001) (Feng, Siu and Zhang 2013.). This particular standard mainly deals with leadership, planning, support, operations and performance evaluation guidelines. These are the main areas that the company lacks and need to be addressed. Oral recommendation to the employees by the manager is not sufficient and hence, implementation of the ISO standard is necessary.

In addition to finding flaws in the system, identification of threats and subsequent risk management are also necessary. The possible threats are identified as follows.

Hackers – Owing to the rapid growth of the organization, there may be growing interest of the rivals to bring down their business to maintain their own market competitiveness. Hence, they may as well hire third party hackers to break into the server of iPixel and leak their business data, statistics and strategies. Again, some anonymous hackers may also try to inject ransomwares into the company server so that they can either block secure information and ask for ransom or sell the stolen information to the rivals in exchange for a huge sum of money.

Malwares – Malwares are faulty file extensions that are either broken parts of faulty files or are intentionally created to infect and destroy a particular system or even a server. These malwares can also be created inside the system due to some failed discard of a particular file. While some malwares can easily be detected, some others are detected very late when the system is already damaged.

Accordingly, suitable risk management plans are necessary to counter these identified threats as these can have serious consequences on the system as well as the server. Furthermore, they will also have serious impact on the business of the company. Hence, as a risk management plan, the company will need to install cyber security softwares that will be useful in countering against external security threats including virus, malwares and others. The company should ensure that the security software is as strong as possible so that maximum amount of attacks can be easily countered.

Conclusion

In this report, an analysis has been conducted on the existing information security system of iPixel and a suitable security management plan and ISO plan have been suggested accordingly. Based on the analysis of the existing system at iPixel, it has been found that there are a lot of loopholes and issues with the system. When iPixel was first setup, a cyber security system was implemented that was not upgraded any further till now. On the other hand, over the years, the hackers have continuously upgraded themselves. Hence, the existing cyber security system will not be sufficient if the existing system continuous to run without any upgrades and changes. With the flourishing of the business of iPixel, the company continues to increase the customer base and at the same time continuous to ignore the necessity for implementing sufficient cyber security measures to protect all the confidential files, documents, information and details. Another main issue that has been identified from the analysis is that the company does not follow any specific ISO standards. ISO standards have been created to provide suitable and helpful guidelines for different aspects of business. However, as the company does not follow any, the officials also have no idea regarding cyber security guidelines and instructions. Hence, an analysis of the existing security system at the company has been conducted in order to identify the exact areas of weakness the company bears. Accordingly, a recommendation system as well as the consequent project planning has been developed and proposed in the course of this report. This project plan has been developed in order to prepare an implementation plan for a new information system that will address the security issues that are currently faced by iPixel.

As per the analysis of the current situation at the organization, the following recommendations can be suggested.

System Upgrade – It is strongly recommended that the company must immediately upgrade all the existing systems with latest hardware configurations and software versions. The company should consider starting an entire project so that every implementation plan is conducted systematically within a specific timeline. Accordingly, the company needs to decide on a suitable budget that will be sufficient for purchasing all necessary resources and softwares. Accordingly, they should develop a significant cyber security defense with the help of security personnel and respective softwares.

Appointment of Security Specialists – The security measures taken by iPixel include security firewalls, antivirus softwares and others. However, the main issue with this system is that all there are no long term solutions available and the company banks on short term solutions only. Again, these measures can only fix simple lower level and random unidentified activities and malwares. Hence, it is recommended that the company should appoint a reliable and expert cyber security team who will be able to detect issues with the existing system as well as find solutions to these issues immediately. The security team will also need to install the latest softwares and cyber security defenses. Installation of a system monitoring system will provide regular updates regarding the system condition.

Employee Training – The company must train the employees to realize the importance of these softwares and their roles in ensuring these softwares are always active in all the systems inside the office premises.

References

Armstrong, M. and Taylor, S., 2014. Armstrong's handbook of human resource management practice. Kogan Page Publishers.

Baskerville, R.L. and Wood-Harper, A.T., 2016. A critical perspective on action research as a method for information systems research. In Enacting Research Methods in Information Systems: Volume 2 (pp. 169-190). Springer International Publishing.

Bernus, P., Mertins, K. and Schmidt, G.J. eds., 2013. Handbook on architectures of information systems. Springer Science & Business Media.

Bonham-Carter, G.F., 2014. Geographic information systems for geoscientists: modelling with GIS (Vol. 13). Elsevier.

Brown, G., Kelly, M. and Whitall, D., 2014. Which ‘public'? Sampling effects in public participation GIS (PPGIS) and volunteered geographic information (VGI) systems for public lands management. Journal of Environmental Planning and Management, 57(2), pp.190-214.

Cavusoglu, H., Cavusoglu, H., Son, J.Y. and Benbasat, I., 2015. Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources. Information & Management, 52(4), pp.385-400.

Chang, J.F., 2016. Business process management systems: strategy and implementation. CRC Press.

Cherry, B. and Jacob, S.R., 2016. Contemporary nursing: Issues, trends, & management. Elsevier Health Sciences.

Coronel, C. and Morris, S., 2016. Database systems: design, implementation, & management. Cengage Learning.

Doolin, B., 2016. Information technology as disciplinary technology: being critical in interpretive research on information systems. In Enacting Research Methods in Information Systems: Volume 1 (pp. 19-39). Springer International Publishing.

Dumais, S., Cutrell, E., Cadiz, J.J., Jancke, G., Sarin, R. and Robbins, D.C., 2016, January. Stuff I've seen: a system for personal information retrieval and re-use. In ACM SIGIR Forum (Vol. 49, No. 2, pp. 28-35). ACM.

Feng, D., Siu, W.C. and Zhang, H.J. eds., 2013. Multimedia information retrieval and management: Technological fundamentals and applications. Springer Science & Business Media.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Rosemann, M. and vom Brocke, J., 2015. The six core elements of business process management. In Handbook on business process management 1 (pp. 105-122). Springer Berlin Heidelberg.

Saxton, G.D., Oh, O. and Kishore, R., 2013. Rules of crowdsourcing: Models, issues, and systems of control. Information Systems Management, 30(1), pp.2-20.

Schwalbe, K., 2015. Information technology project management. Cengage Learning.

Stallings, W., 2014. Operating Systems: Internals and Design Principles| Edition: 8. Pearson.

Stark, J., 2015. Product lifecycle management. In Product Lifecycle Management (pp. 1-29). Springer International Publishing.

Wager, K.A., Lee, F.W. and Glaser, J.P., 2017. Health care information systems: a practical approach for health care management. John Wiley & Sons.

Willcocks, L., 2013. Information management: the evaluation of information systems investments. Springer.