Important And Confidential Financial Information: Hacking The AIS (Essay Sample)

Hacking the AIS Name: Professor’s name: Course title: Date: Introduction A number of companies have had their database systems hacked and their information accessed without their authority. Hacking is a vice that is perpetuated by malicious individuals who have bad motives of accessing their important and confidential financial information. Examples of the companies whose their database systems have been hacked include Neiman Marcus, White Lodging Services Corporation, Sally Beauty Stores, P.F. Chang’s Bistro and JP Morgan Chase just to name a few(Garget al, 2003). For the sake of this presentation we shall discuss the hacking of JP Morgan Chase, illustrating how its database system was hacked,the security measures taken and the implication of the hacking. The level of responsibility of the company in terms of the effectiveness of the response to the security breach JP Morgan Chase & Co. reported on 2nd October,2014 to the Securities and Exchange Commission (SEC) that its systems had compromised the security of approximately 7 million small businesses and 76 million households. The cyberattack compromised PII that included the names, phone numbers, addresses, email addresses and the internal information of the company relating to the users. There was however no evidence from the filling of the company that the account information and other details including users IDs and passwords, birth dates and social security numbers of the customers had been compromised. The company claimed that it had not identified any fraud relating to the hacking incident. It reassured its customers that if they reportedpromptly, then they would not be held liable for unauthorized activities that would arise on their accounts (Silver et al 2014). JP Morgan Chase Company’s systems were not very secure as the disclosure on the hacking prior to October 2 was so general. It was stated that the firm was regularly targeted by parties that were not authorized by use of viruses and malicious codes. There was also attempts to breach the firm’s data and systems security resulting in unauthorized access to account data of the customers. Media reports indicated that the hackers accessed JP Morgan servers that stored all information about the customers sometimes in the mid-June 2014. The company however learnt about this data breach in mid-August taking steps to stop further unauthorized access to its servers. During the time of the hacking, the United States Secret Service working with the FBI stated that they were doing investigation on the reported cyber attacks on financial institutions in the US. JP Morgan Company continued to insist that the hackers were not able to use the information they had accessed for fraudulent purposes. It acknowledged that the hackers obtained vital information but the company could not be able to monetize that information that the hackers stole. It was an irresponsibility on the part on JP Morgan Company because it was hiding the truth from the customers and also took the whole issue lightly instead of dealing with it (Silver et al 2014). Third-party accounting system:The level of responsibility of the software provider to both the business and its clients. The service provider has a responsibility of ensuring that both the business’s and client’s stake are secured. He should make sure that they are protected from the risks that come along as a result of system hacking. System hacking may be doneeither willingly or unwillingly. Organization stakeholders, competitors, and suppliers may consciously access (hack) the system with an intention of changing the information in the system. They intentionally hack the system accessing the information so as to get knowledge of future costs of the company and any other information with an aim of misrepresenting the true picture of the company. It is very important that the IT department and the information security administration suppliers in the organizationwork as a team so that the risk of loss that may be caused by the system hacking may be prevented. System administration suppliers should be chosen in line with the set rules and regulations and system authorization must be observed and assessed consistently. The system administration should be terminated in the case where the administrator exposes the system to the risk of insecurity and lessening the system’s validity. Hacking of the system may arise due to the risk on the account of system administration suppliers and outsider increments controlling receipts and exaggerating them. Sometimes the company should use outside system administrators especially when the business has expanded enough. When the organization is outsourcing the system administration services, the system executive should guarantee the safety of the system. An argument for additional regulation as a preventative measure against businesses being hacked Internal controls of accounting information is very important if hacking is to be prevented in any organization. According to 1SA 400, Internal control system refers to all procedures and policies that are adopted by the management, and are meant to assist the management to achieve its objectives, safeguarding organizations, detection and prevention of errors and fraud, completeness and accuracy of accounting records and timely preparation of reliable financial information. Control and prevention of fraud is majorly pegged on the control procedures in any organization i.e. the policies and procedures established by the management to ensure that specific objectives of the firm are achieved. Some of these control procedures include checking of arithmetical accuracy of records, reviewing, reporting and approving reconciliations, controlling the applications of computer information systems, for example establishment of controls over any changes to the computer program. There also should be control procedures on access to data files. In addition to these regulations that are majorly aimed at preventing the crime of hacking, direct physical access to assets and their records should be limited and there should be approval and control of documents. In so doing, there will be limited hacking of the system as unauthorized systems access is restricted and limited to only a few trusted individuals in the organization. Three (3) recommend...