Information Systems: Dimensions and Defence against Cyber Attacks

Introduction to Information Systems

An information environment is a kind of place where information interchange happens. The information atmosphere is the combined process of people, communities, and arrangements that gather, process, distribute, or act on material. There are resources, such as systems and materials, engaged in collecting, observing, or acting on the information. Management Information Systems (MIS) play a crucial role in the information systems framework, helping organizations streamline operations while also serving as a strategic layer of defence against cyber attacks through real-time monitoring and informed decision-making.

There are 3 dimensions in regard to the management information systems: the physical factor, the informational factor, and the cognitive factor. The environment of information includes the system and networks through which the data is created, shared, and processed (Andretta, 2012). The properties of information systems can be electronic or humanoid to humanoid or a mixture of both.

Here is a brief overview of these information system dimensions.

• Physical Dimension: The physical dimension of the information environment is related to command and control. It connects the physical platform and communication network. It is a neutralized system linked across domestic, monetary, and terrestrial borders.

• Information Dimension: It is the factor where the data is gathered, managed, and displayed. In this dimension, several actions are taken that affect the content and movement of information.

• Cognitive Dimension: The cognitive factor includes the thoughts of those who convey, accept, and retort to or take action based on information. It refers to persons’ or collections’ information processing, observation, analysis, and decision-making. These features are affected by many aspects, including individual and social principles, standards, susceptibilities, inspirations, sentiments, involvements, ethics, training, mental health, individualities, and philosophies (Alshammari, Beach, and Rezgui, 2021).

What is Information?

Information in cybersecurity plays an important role. Information is a set of collective knowledge about a security system's data. An organization's information is a valuable asset. Hackers can attack, and the company can be the target of a data breach (Alshammari, Beach, and Rezgui, 2021).

Research: The Concepts of Deterrence, Detection, Protection, and Reaction

In research on information systems security, management of information systems supports the core concepts of deterrence, detection, protection, and reaction by providing structured data, analytical tools, and real-time insights that enhance an organization's ability to anticipate and respond to cyber threats.

Understanding Deterrence

Deterrence theory involves using threats to discourage unwanted actions. In cybersecurity, deterrence aims to prevent attacks by influencing behaviour through the fear of consequences. It seeks to protect information systems from breaches and unauthorized access by implementing strict policies, strategies, and controls. The core goal is to reduce the risk of cyberattacks by making them less appealing or more costly for potential attackers (Pickering and Davies, 2021).

Understanding Detection

It can be described as the process of recognizing the security threats in a network. The detection process helps to monitor the real-time data and examine abnormal behaviour. Professional hackers have access to advanced tools for leaking sensitive information. So it is important to detect the early signs of data breaches so that organizations can implement action and strategies to prevent cyberattacks.

Understanding Protection

Protection is essential for securing information systems. It involves measures like two-step verification, strong passwords, biometric authentication, and intrusion detection systems to prevent unauthorized access and data breaches. Effective protection also includes regularly updating software, applying security patches, and monitoring network traffic. Beyond technical safeguards, educating employees on cybersecurity practices such as using strong passwords and avoiding the sharing of sensitive information is crucial. A well-rounded protection strategy ensures a swift and effective response to potential threats.

Understanding Reaction

The reaction to security breaches involves a series of actions and plans to address threats like hacking and unauthorized access, which compromise the confidentiality, integrity, and reliability of an information system. Key steps include identifying the incident, deploying tools to detect unauthorized activity, and forming a response team. This team, often composed of IT and security experts, develops strategies to mitigate damage. Containment measures are implemented to prevent the breach from spreading. Analyzing the incident also helps identify system vulnerabilities and improve future defenses.

Deterrence, detection, protection, and reaction are essential to safeguarding information systems from unauthorized access and cyberattacks. These stages involve various measures such as intrusion detection, data authentication, security policies, and staff training. Deterrence relies on clear policies and enforcement; detection focuses on identifying breaches; protection includes methods like data verification; and reaction involves response plans to contain and recover from incidents. Together, these steps help mitigate risks, protect sensitive data, and strengthen an organization’s cybersecurity posture.

Defence In-Depth Strategy

Information systems used in several organizations and firms can be protected from data breaches and cyberattacks through a defence-in-depth approach in which safety panels are covered from the overall network (Nuclear Power, 2023). The defence in-depth strategy includes wide-ranging security and safety measures that help prevent the occurrence of cyberattacks and mitigate the risk of malicious attacks. The strategy involves several processes of implementation to defend against malicious acts (Luthra, 2022). It includes several steps such as:

Technical controls

• The integrity of the system: The system integrity is one of the most important parts of the security measures. This layer helps to provide inspection, testing, and maintenance to the critical system. This will increase the system's reliability and quality by implementing extra security measures.

• Security of the operational system: The operational system plays a crucial role in the major activities. So this layer contains wide-ranging operations such as maintenance activities, training programs, and simulations to improve security and prepare the staff for emergency response (CISA, 2023). 

• Prevention of malicious attacks: The prevention of cyberattacks is one of the crucial layers in the defense of an in-depth strategy. This layer includes a high-standard construction design, regular inspection and examination of the event reactors, effective training and education programs, and availability of resources to prevent security threats.

Physical controls

• Hardware security: This step includes physical measures to prevent unauthorized access to specific areas of the organization. The layer focuses on deterrence and detection of security threats so that the firm can develop strategies, such as physical barriers, across the firm. Advanced technology could help prevent the threat and risk.

• Emergency response plan: This layer involves plans and strategies for emergencies. It includes efficient coordination and collaboration with the local authorities, fire departments, and external agencies, support from IT professionals, training and education for security measures, and an emergency response plan to prepare the team and operator for the emergency.

• Strong collaboration and communication: This layer includes an effective communication system between the security officials of the firm, its departments, and administration. This will help to prevent the containment of the security breach and help to recover the situation in case of cyberattacks.

Administrative controls

• Personnel monitoring system: Any organization needs to restrict access to sensitive areas. To minimize the risk of an insider attack, it is essential to ensure the screening and monitoring of the firm.

Conclusion

The report provided insights into the cyber operational plan and in-depth defense strategies against the malicious attacks that are being observed on an organization, The following report was based on the concepts of deterrence, detection, protection, and reaction to those risks.

References

• Alshammari, K., Beach, T. and Rezgui, Y. (2021). Cybersecurity for digital twins in the built environment: current research and future directions. Journal of Information Technology in Construction, 26, pp.159–173. doi: https://doi.org/10.36680/j.itcon.2021.010.

• Andretta, S. (2012). The multiple-context relational approach generated by the empirical research. Ways of Experiencing Information Literacy, pp.89–161. doi: https://doi.org/10.1016/b978-1-84334-680-7.50004-8.

• Luthra, S. (2022). Security in place to secure India’s nuclear power plants from cyber-attacks: Singh. [online] https://www.livemint.com. Available at: https://www.livemint.com/news/india/security-in-place-to-secure-india-s-nuclear-power-plants-from-cyber-attacks-singh/amp-11670489850008.html.

• Nuclear Power (2023). Defence-in-depth Principle | Definition & Levels | nuclear-power.com. [online] Nuclear Power. Available at: https://www.nuclear-power.com/nuclear-power/reactor-physics/nuclear-safety/defence-in-depth-principle/.

• Pickering, S. and Davies, P. (2021). Cyber security of nuclear power plants: US and global perspectives. [online] Georgetown Journal of International Affairs. Available at: https://gjia.georgetown.edu/2021/01/22/cyber-security-of-nuclear-power-plants-us-and-global-perspectives/.