MINI RESEARCH PROJECT

INFORMATION SYSTEM CONSULTANTS: A CHALLENGING ROLE AGAINST HACKING

TABLE OF CONTENTS
INFORMATION SYSTEM CONSULTANTS: A CHALLENGING ROLE

AGAINST HACKING ..................................................................................................1 Table of Contents...........................................................................................................2 INTRODUCTION......................................................................................................4 BACKGROUND AND PROBLEM DEFINITION..................................................5 RESEARCH QUESTIONS........................................................................................5 RESEARCH OBJECTIVES......................................................................................5 LITERATURE REVIEW...........................................................................................6 ROLE AGAINST HACKING...............................................................................6 HACKING CHALLENGES TO FACE.................................................................6 I.S. STRATEGIES AGAINST HACKING...........................................................7 THEORATICAL FRAMEWORK.............................................................................9 RESEARCH DESIGN AND METHODOLOGY....................................................10 DATA COLLECTION AND ANALYSIS TECHNIQUES....................................10 DATA VALIDITY AND RELIABILITY...............................................................10

ETHICAL ISSUES..................................................................................................11 DATA FINDINGS ..................................................................................................11 RECOMMENDATIONS.........................................................................................14 REFERENCES.........................................................................................................15 APPENDIX..............................................................................................................16 SURVEY QUESTIONNAIRE.....................................................................................16 DEMOGRAPHIC INFORMATION....................................................................16 QUESTIONS........................................................................................................16

INTRODUCTION
With the advent of computer technology in 1980s, man has started using it for bringing order and progress in his business. With this very start, it was felt that there must be a way of connection between the computer program designers and users, and this need was satisfied by Information Systems (IS). Information system is the professional field of communicating needs of the clients to the providers with the contribution of innovative ideas. And an information system consultant or IS Consultant is the man responsible or dealing such issues. An IS Consultant is basically the spokesperson of a business service provider who is positioned to play the challenging role in answering the queries of the customers and ensuring the solution of any problem that occurs. For this purpose, he has to stay abreast of every new technology to foresee the possibility of an issue. His demanding job also requires him to organize new advances to serve the business better with more protected programs focusing on the possibility of data theft and data loss during funds and information transference (Dhillon, 2003). The introduction of world-wide-web has posed the newer threats in front of these IS Consultants in the form of hackers. Data hackers are the programmers who burglarise computer systems to theft, modify or tear down data for fun or specific purposes. They pose the most troublesome danger to an organizations economic status as the theft can be used for future blackmailing or for causing economic loss to the business. As an IS Consultant is the man who is responsible of taking care of the safety and security of all the communicational channels of an organization; hacking presents him with a most challenging role.

BACKGROUND AND PROBLEM DEFINITION

The research problem of this study can be defined as rising tendencies in hacking have presented IT consultants with the most challenging role. The main focus of this study is to draw attention to the mounting trend of network and data hacking in the information systems. This particular threat is causing fear and disturbance among executives as they lose the privacy by opting for advanced communicational technologies, such as internet. This burglary can result in the loss of important information and can lead to massive financial loss. These issues are challenging the value and efficiency of using information systems for important data transfer.

RESEARCH QUESTIONS
This study has tried to answer the following research questions: 1. What role can an information system consultant play to prevent even the minute data loss and hack? 2. What threats has an information system consultant to face? 3. What new ways can an information system consultant adopt to bring newness and uniqueness in the system ideas and get prepared for the future threats?

RESEARCH OBJECTIVES
The research observed the following objectives: 1. To highlight the challenging role that a consultant has to play in the development and success of an information system.

2. To make the consultants aware of the importance of knowledge and skill against hacking software.

LITERATURE REVIEW
An Information System consultant plays a combined role of a consultant, a gapBridger, an alarm, an informer as well as a designer. He not only bridges the gap between the program designers and the users, he also points out the possible threats and issues involved in data network connections. He is the one who brings in innovative ideas as he does not have to work in the sanctuary of his office; rather he has to communicate with the people to know of their problems and complains against the services. ROLE AGAINST HACKING The role of as IS consultant is that of a protector against hacking. As he is the one who has to take care of the modern trends and activities in information technology along with listening to the needs and complaints of the customers, he knows more about potential threats against an organizations information system security. Hacking lies at the top list in these threats. It is not a mere unauthorized access to private information; it is the theft of valuable data for gains. HACKING CHALLENGES TO FACE The hacking threats that an organization has to face are as follows: Unauthorized Access: the attacker gains unauthorized access to the stored data by hacking password or by breaking its code.

 Disruption: there can be various disrupting attacks that can cause denial or degradation of services. This kind of attack overloads the network system and causes automatically generated messages. This kind of attack has caused damages to millions of information systems till now. Execution of Malicious Software: some of the attackers inject malicious software, such as virus, into the system that not only damages the computers but also causes loss of data. They can alter or delete data easily leading to high scale damages. Interception of confidential information: the privacy and reliability necessities of the users are also damaged by informative interceptions; it is usually called sniffing. Misrepresentation: It spreads by using someone elses identity through information system, can result in fraud and stealth of valuable information, it is usually known as Spoofing (Stewart, Tittel, and Chapple, 2008). I.S. STRATEGIES AGAINST HACKING There have been numerous studies done on the prevention of the hacking attempts. These were offered by many IT consultants to benefit their organizations data security. Some of these are as follows: Ubiquity of system: The total connectivity of systems implies wider range of hazards to security. The program will be exposed to more threats and the chances of hacking will increase. Therefore, scholars forbid total ubiquity of systems. Third Parties: Public Keys Infrastructure has already worked with reliable third parties that, for example, issue digital documentations. These parties aid 7

to lessen the problem of trust (Yakhno, 2004). In spite of widening their reliance on a peer-to-peer network, people have to depend upon only a small number of chosen trusted third parties or documentation authorities. Revision of network protocols: the design of internet had not considered security problems. This is the root cause of hacking that can be minimized by revising current communication protocols. Biometrics: Biometric authentication techniques have some very hopeful compensation; however, they have some challenging characteristics as well (Bocij, Greasley, and Hickie, 2009,). Scholars have posed two questions against biometrics: o As Biometrics does not allow any pseudonym authentication, the people will be asked for iris scans, fingerprints or DNA test every time. o As a new password is issued if the previous one is lost, what a man can do to compensate the damage? Security Outsourcing: security outsourcing organizations provide the solution of security and safety concentrating on the issues only (Kelly and Casey, 2009). Different organizations hire their services to ensure security. IT Insurances: Anti-hacking softwares, firewalls and other programs can also be developed to ensure safety and security of confidential data. Khare (2006) has also suggested the following recommendations: Simplification: Complex systems and programs are difficult to handle, and difficult to be secured. Therefore, the programmers must make such frameworks that devise simple structures for which there can be simple security systems devised.

 Care in system designing: new programs, software and hardware must be designed keeping in view the current security hazards. This will lessen the potentiality of threats. User Awareness: if the users are made aware of the potential security hazards, they can be taught ways to avoid mistakes that result in the leakage of confidential information. This will save enormous finance, time as well as valuable data. (Khare, 2006, p.258-260) Thus, the researcher thinks that a consultant can play a challenging role in mechanizing the security of information systems. Therefore, the organizations must train such individuals who possess the knowledge of the business, computer skill as well as ability for programming so that they may devise and recommend solutions to the programmers on the basis of received responses of the users.

THEORATICAL FRAMEWORK
The security of an information system can be ensured by the interaction of user, consultant and the programmer. The user gives feedback to the consultant after using the security program. The consultant analyzes the responses, probes into the reasons of security failures, thinks of solutions and suggests them to the designers and programmers of the system. The programmers will make amendments to fulfil the requirements. This program then can again be checked by the consultant and referred to the users for further check. The factors that will interfere include the personal mistakes of the users, non-electronic cheat (for example, telling the passwords to friends), system failure due to some local problem, etc. The personal sense of responsibility and duty among the users will also affect these programs. Thus, a

mutual cooperation of the user, consultant and the programmer can ensure hacking free transference of the information possible.

RESEARCH DESIGN AND METHODOLOGY

The research followed a qualitative design as it needed an in depth investigation of the particular phenomenon. For this purpose, a random sample of 30 professional was selected, contacted and their responses were collected through Emails. To support this primary data, secondary data was also gathered by reviewing the studies already done.

DATA COLLECTION AND ANALYSIS TECHNIQUES

The data was collected with the help of questionnaires that were designed following two techniques (See Appendix). One of the techniques was that of a psychometric scale called Likert Scale in which the participants are required to rate the intensity of their agreement or disagreement to a particular phenomenon (Babbie, 2010). There were also some statements for which five options were given to the respondents to select the most appropriate one closest to their own point of view. To analyze the data gathered, pie charts are going to be used.

DATA VALIDITY AND RELIABILITY

The reliability of the data is made possible by avoiding any emotive and guiding statement. The statements in the questionnaires were directed to extract sincere reactions from the respondents and their originality was made certain. Also the data was obtained from 30 participants to avoid any trace of bias. The validity of the data was made sure by avoiding any association to a particular field of business and the data was collected from a diverse group of professional information system consultants.

10

ETHICAL ISSUES
The ethical issues considered in this project include sincerity, originality and secrecy. It was made certain that the data was never changed for any purpose. Also the secrecy and privacy of the participants was made sure.

DATA FINDINGS
To gather primary data, a questionnaire comprising of 10 questions was used. All the questions were directed to bring into light the importance of the role that an information system consultant plays. The data obtained is as follows: 1. All the participants agreed that hacking attacks cause enormous loss to the business industry (Figure 1).

Figure 1 Hacking Attacks Heightens Loss 2. Certain computer programs can be designed to avoid and prevent hacking attacks. Most of the participants (80%) felt certain about that. 20% were a little uncertain, however no one disagreed (Figure 2.)

11

Figure 2 Computer Program V/S Hacking 3. Information consultants are the most likely informers of the need of security measures in an organization. This fact was confirmed by 90% of the respondents (Figure 3).

Figure 3 Informers of Security Needs

12

4. The greatest threat that IS consultants face is the threats against the theft of confidential information. As obvious from the following figure, 53% participants have agreed to this fact. Unauthorized accesses to private information as well as execution of malicious software to harm information system are other important threats.

Figure 4 Threats against IS Security 5. There are many safety measures that can be adopted according to the situation and circumstances. These include the intervention of third parties, avoidance of total connectivity as well as simplification of the programs. Some participants have also favoured the use of biometrics authentication systems and regularization of IP protocol as possible solution.

13

Figure 5 Safety Measure against Hacking

RECOMMENDATIONS
In view of the above findings as well as deep insight into this matter, this study has been able to suggest a few recommendations for the programmers, organizations and IS consultants with regard to better network system security against hacking. These recommendations are as follows: 1. IS consultants should be hired and made aware of their challenging role in protecting their organizations network system from hackers. 2. IS consultants should be trained in a way to avoid as much workforce as possible as hackers can lie within the organization. 3. Unnecessary network connectivity should be avoided so that to make the system less vulnerable to hacking threats. 4. Data information should be categorized on the basis of priority. The top of the list information should be kept in the strictest security area. This will minimize the fret upon what to share and what not.

14

REFERENCES
Bocij, P, Greasley, A. and Hickie, S. (2009). Business Information Systems: Technology, Development and Management. 4. UK: Pearson Education, Limited, p. 529-556. Dhillon, G. (2003). Social Responsibility in the Information Age: Issues and Controversies. Reprinted. Idea Group Inc (IGI), p.76-85. Babbie, E. R. (2010). The Practice of Social Research. 12th ed. USA: Wadsworth Cengage Learning. Lehtinen, R, Russell, D. and Gangemi, G.T. (2006). Computer Security Basics. 2nd Edition. O'Reilly Media, Inc, p. 250 - 278. Khare, R. (2006). Network Security and Ethical Hacking. Illustrated. UK: Luniver Press, p. 258-269. Kelly, R., and Casey, G. (2009). Introduction to Information Systems: Enabling and Transforming Business. 3rd Edition. San Francisco: John Wiley and Sons, 2009. p. 336-349. Stewart, J. M., Tittel, E. and Chapple, M. (2008). CISSP: Certified Information Systems Security Professional Study Guide. 4th Edition. San Francisco: John Wiley and Sons. Yakhno, T. (2004). Advances in information systems: third international conference, ADVIS 2004, Izmir, Turkey, October 20-22, 2004: proceedings. New York: SpringerVerlag New York Inc, pp. 402-465. 15

APPENDIX

SURVEY QUESTIONNAIRE
Dear participant! This survey is being conducted to find out the potential role of an information consultant in preventing hacking attacks upon business terminals. Your sincere responses are valued and your identity will not be revealed to any one at all. DEMOGRAPHIC INFORMATION Age: ___________________ Experience: _____________ QUESTIONS Instructions: Please read the queries carefully and pick the most appropriate option. The selection of more than one option will not validate the results, so kindly avoid it. 1. Hacking attacks can cause huge business loss. Do you agree? Strongly Agree Uncertain Disagree Strongly Disagree Agree 2. A computer program can be designed to avoid hacking attacks sufficiently. Strongly Agree Uncertain Disagree Strongly Disagree Agree 3. Who can tell the organizations of the need of enhanced security measures and software? Software Third Consumers IS Consultants Administrators Designer Parties 4. The role of an IS Consultant is crucial in keeping hackers away. Strongly Agree Agree Neutral Disagree Strongly Disagree

16

5. What is the most common hacking threat that an IS consultant faces? Unauthorized Disruption Access Execution of Malicious Software Interception of Misrepresentation confidential information

6. Which strategy should be adopted by an IS consultant? Biometrics Involvement of Third parties Simplification of the program Avoidance of total connectivity Regular heck of IP Protocols

17