Challenges And Mitigation Strategies For Information Systems In Business Operations: A Case Study Of Apple

Overview of Information Systems in Business Operations

The rising complexity of business operations in organizations requires equally effective measures and mitigations strategies. Managing the efficient flow of processes within an organization calls for the incorporation of constructive management strategies which plays a crucial role in ensuring that errors are minimized and a good return on investment registered. The incorporation of information technology in business operations has led to the emergence of technology aided business processes. Most organizations have since introduced the use of information systems in a bid to increase the efficiency levels of its operations. This is because information systems are vital in increasing convenience levels by producing good and accurate results within a short period of time at relatively affordable costs. Despite the advantages that come with the use of information systems in organizations, there are a number of shortcomings that accompany the use of information systems in business operations. The rise of cyber crime and the increasing number of technology experts has consistently placed organizational data at risk of intrusion. This paper focuses outlines some of the challenges associated with the use of information systems in business operations (Ashforth and Kreiner, 2010). The report also outlines a number of mitigation strategies which can be implemented in these organizations in order to enhance long lasting resolutions. The report is given with reference to Apple, one of the leading multinational technology companies.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

The report seeks to address the following objectives:

  • To identify the various Information system assets within Apple Company as an organization that uses IS to moderate operations.
  • To outline the possible threats that places the organization at risk of losing its data through intrusion of the information systems.
  • To identify the possible mitigation strategies which can be implemented by the organization to minimize the threats and risks while enhancing the security of the systems.

This threat serves as one of the leading vices in the area of cybercrime.  Ransomware is the type of virus that attacks the systems of an organization hence hindering the users from accessing their own files (Arai, 2010). In this case, the user is required to offer a ransom in order to be allowed to open their files. The mechanism here entails the malicious access of an organization’s crucial files by unauthorized parties. Once the criminal has control over the files, the ask for ransom before allowing access.

Ransomware often get into an organization’s system through phishing emails which may contain malicious attachments and scam. Accessing and opening these mails allows the malware to access and encrypt the organization’s files. The other possible entry point is through drive-by downloading. This happens when one visits an infected cite where the malware downloads and installs itself without the knowledge of the user. Other entry methods include the social media as well as instant messaging applications.

Challenges Associated with Information Systems in Business Operations


Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

A common tool is proper education and increase of awareness among the company workers on the threats associated with ransomware. Apple can conduct adequate training and exposure may play a crucial role in stopping the workers from accessing cites and engaging in activities that may make the organization vulnerable (Bettig, 2010).

The second approach involves the use of decryption tools for instance AVGs ransomware tools. This software is helpful especially after attack as it helps to decrypt and there set the affected files free from the malware.

This tool is helpful in preventing the organization from invasions by malicious software. The antivirus resolves the risk by detecting and blocking the ransomware before they are unknowingly downloaded and installed into an organization’s system. The increasing use of social media platforms also increases an organization’s risk of invasion. It would therefore be important for Apple to install the most effective tools which would be helpful not only in detecting and blocking the entry of the virus but also by decrypting and removing the ones that are already installed (Burk and Mark, 2009).

At Apple Company International, there are routers and switches which are configured to respond to Simple Service Delivery Protocols over the internet. Many attackers take advantage of these routers by creating high traffic, usually more than what would be the case using the original bandwidth. Once they interfere with the system, the attacker then use DDoS to send the malware to a third bird computer. In this strategy, the attacker sends requests which contain a spoofed Internet Protocol address to a third party computer (Dubin, 2009). The computer then sends responses to the spoofed address instead of the originally intended destination. The spoofed address is usually that of the intended victim which is Apple in this case. The third party computer can therefore be used to transfer the malicious software into the system of the intended victim.  At the same time, there are technology regulated switches within organization mostly operated by computers which contain specific encryptions fitting the purposes. Since the systems depend on computer generated instructions, there is constant access to the internet especially when there is need for updating. The malware can be downloaded into the system files in this process thereby compromising the original codes. Research indicates that through the routers and switches, the attackers launch less powerful attacks. However, the impacts that come with these attacks may end up aggravating hence the need for the right mitigation strategies.

Mitigation Strategies for Challenges

Reliability of a web service involves the tendency of a web service to remain effective in serving the interests of the users. This therefore implies that the interface ought to be user friendly and its access should not be accompanied by infections from malicious software. To enhance a reliable web service, Apple Int. needs to develop a platform in which the users obtain high levels of satisfaction with minimal errors. On the other hand, web service availability implies the web uses should be in a position to speedily access the contents of the web services. This indicates that for Apple to achieve effective web service availability, accessing the platform should not be hindered heavy traffic. Apple Company being an international organization has a huge number of users who depend on its web service. The service ought to involve an efficient interface where users take the shortest time to gain access and obtain the required information about the company (Goldstein and Reese, 2010).

The overview above describes reliability and availabity of a web service based on the ease and speed with which the interface can be accessed. However, a web service is considered reliable when the individuals who access it are not at risk of infection from malicious software. In order to enhance the reliability and availability of its web service, the organization needs to install a running database. This approach involves configuring a reliable messaging service which ensures that the connection and interaction strictly remains between the server and the client. This prevents invasion from third parties hence minimizing any associated risks when it comes to accessing these sites. At the same time, web service availability can be enhanced by changing the width or database columns. This is because the nature of bandwidths used in designing a web service has a special influence on ease of access. Adequate data base columns minimize congestion which in turn improves convenience (Greenhalgh and Rogers, 2010).  

There are a number of strategies which the organization can install to ensure that the confidential and integrity of staff email is maintained at all times. To begin with, there is need for staff training on security awareness. This approach enables the staff to engage in email interactions that involve the least risk of infection. Secondly, the organization should implement and maintain access control mechanisms through effective password and resource management. This ensures that each staff member has absolute access to their logging details (Johnason, 2010). These details must never be shared with any other individual as this leads to a breach in the privacy requirements.

Case Study: Apple

The organization also needs to establish dependable identification and authentication methods. This can be achieved by having the details of the staff members stored in a database and only retrieved in occasions when authentication is required and absolutely at the request of the user. The last strategy that can be put in place to enhance confidentiality of staff emails is by installing and using effective devices which are free from infection by any unwanted software. For instance, when the sending of emails is done be don through a computer device, the organization needs to install the right anti-virus tools which are vital in shielding the staff and other device users from attacks and related risks (Klerck, 2009). In a nut shell, it is the core mandate of the organization to protect its users by installing systems which have proven effectiveness in eliminating the threats associated with sending and receiving emails.

Ransomware: Cyber criminals use malicious attachment to lure email users into downloading and installing malware into their systems. The malware then attacks and affects files within the system leading to security issues within the organization. This type of malware encrypts files before demanding fees to enhance restoration.

Phishing: This involves the use of malicious and majorly psychological manipulations to lure victims into issuing crucial information about them which the criminals then use for malicious purposes.

Spoofing: In this case, hackers use addresses which are very similar to the legitimate ones hence deceive their victims into using them. This form of malware invasion occurs mainly because email lack effective address authentication mechanism

Whaling: This is a cyber criminal strategy which is mainly aimed at invading big companies. The type of system invasion is also referred to as business email compromise. The attacker sends an email to an individual within the organization giving instructions that are capable of effecting a transaction. The various types of malware have been arranged in order of increasing priority which implies that whaling poses the biggest security threat to business organizations. In addition to losing grip of crucial information, the organization incurs losses in large amounts as a result of business email compromise (Schechter, 2010).

There are various approaches which can be used to enhance server availability. In this case, we highlight two of these. The first approach involves eliminating single points of failure. This strategy involves identifying the specific areas within the system which hinder its effective performance. These points of failure are then eliminated and replaced with more efficient ones. The diagram below indicates a simplified system with each component strategically placed. This structure makes it easy to identify and hence eliminate the points of weakness.


The second approach involves implementing geographic redundancy. In this strategy, the organization can enhance the availability of the web service by hosting its application in two different geographical areas. To enhance high performance, the application ought to be hosted at a position that is geographically close to the end users and consumers. This method does not only provide an effective alternative in case a link fails but also contributes in the general improvement in the performance of the system.

As a strategy for enhancing the performance of web and email servers,  an organization may use the approach of log records to monitor past activities and hence not the areas that require the necessary adjustment. Log records are obtained when the application is configured to record activities within a given time base. These logs are then stored in retrievable databases hence can be user at a later level especially during analysis. Log records play a crucial role in helping the organization to identify the specific points of weakness which are some of the causes of server problems.

Audit log reports are crucial in enhancing analysis and monitoring. As a mitigation strategy to ensure reliability of web and email servers, noting the points of weakness ought to be followed by constant updating of the system (Schechter, 2010). In order to effectively achieve this, it is vital to perform the necessary system audits which go a long way in helping an organization to note the specific components of the system that may require adjustment of overhaul. Audit log reports offer important facts which when retrieved and analyzed places the organization in a better position to effectively manage the issues related to its information system security.

Information systems generally involve operations that revolve around people within an organization and its surrounding. This there reveals that there are a number of human factors which have either a direct or indirect impact on management of information systems, security issues and related risks.

To begin with, the confidentiality of data and crucial information about an organization majorly depends on the integrity of the people with the organization. Authentication and security mechanism require that individuals ought to treat confidential information with the right sensitivity. This prevents attackers from gaining access into the system. If there is a traitor within an organization who as well has crucial data regarding the information systems then the security of such systems become threatened (Klerck, 2009).

Secondly, the number of people using a particular interface influences the level to which the system’s security can be maintained. A system accessed by many individuals may often be prone to attacks especially in cases where the established measures are not as effective as required. In addition to enhance system availability, there is need for effective management strategies which ensure that the number of individuals using a system at a given time is properly controlled through valid security measures (Klerck, 2009).

Lastly, the success of risk and system security management depends on the willingness of people especially workers within an organization to embrace the organization’s stated security policies and regulations. The policies are only effective when each stakeholder remains commitment and supportive to their implementation. In a nut shell, individual and corporate behaviors among people within an organization have a special way of influencing the extent to which risk management strategies shall be achieved.

To enhance system security, there is need to have the most effective security devices which do not only prevent invasion by malware but also undo the ones that have been accidentally installed into the system (Dubin, 2009). The following are the proposed security devices:

Firewalls: These are applications which are installed into the system to regulate the sites and addresses which can be accessed or responded to by the user. Firewalls are crucial in blocking the intrusion of malicious software into a system.

Antivirus scanning device: This devices is essential in the detection of unwanted software through scanning, the devices is able to identify the files and applications whose inclusion into the system may threaten the security. The device doesn’t only identify the malware but also blocks their entry hence securing the email and web servers.

Penetration testing device: This device is used to gain access to the system peripherals to aid in detecting the system problems and their possible causes. Once the anomaly has been identified, the organization can then establish the effective mitigation strategies aimed at enhancing system performance.

Vulnerability assessment appliance: The device works on the same principle as the penetrating devices. Through scanning, the device is able to point out the prevalent system issues before delivering the necessary counter strategy.

Intrusion detector: This device identifies the applications and elements whose interaction with the system may pose security threats. Intrusion detectors are helpful in identifying the malicious attachments usually sent through emails with the core intention of hacking a system.


System security is a crucial requirement in successful management. This is because a secure system has a central influence on the flow of other processes within the organization. Identifying the various aspects which compromise system security is a step in the right direction. Apart from highlighting the information system security issues, the report also details the various mitigation strategies which can be implemented to obtain long lasting solutions. The details of the report would therefore be important for a manager seeking to enhance the performance of their systems by minimizing the related security threats.

To enhance information system security and risk management, the organization should:

  • Conduct training on security awareness which improves staff commitment to security enhancement.
  • Implement and also maintain the most effective mechanisms of access control.
  • Develop and establish policies and standards as well as guidelines on security related strategies.
  • Establish the right change control procedures to help in improving the weak points of the system.


Ashforth, B and Kreiner, G. (2010). How can you do it? Dirty work and the challenge of constructing a positive identity. Academy of Management Review, 24(3), p. 413-434.

Arai, H. (2010). Intellectual Property Policies for the Twenty-First Century. The Japanese Journal of Experience in Wealth Creation, 2(1), p. 23-24.

Bettig, R. (2010). Critical Perspectives on the History and Philosophy of Copyright” The Political Economy of Intellectual Property, 2(1), p. 9.

Burk , L and Mark, A. (2009).  The Patent Crisis and How the Courts Can Solve It. US: University of Chicago Press.

Dubin, R. (2009). The World of Work: Industrial Society and Human Relations. Englewood Cliffs: Palgrave.

Goldstein, L and Reese, R (2010). Copyright, Patent, Trademark and Related State Doctrines: Cases and Materials on the Law of Intellectual Property. New York: Foundations.

Greenhalgh, C and Rogers, M (2010). Innovation, Intellectual Property, and Economic Growth. New Jersey: Princeton University Press.

Johnason, P. (2010). Human resource management in changing organizational contexts.  Human resource management. 2(1), p. 19-37.

Klerck, G. (2009). Industrial relations and human resource management.  Human resource management. (1), pp. 238-259.

Schechter, R. (2010). Intellectual Property: The Law of Copyrights, Patents and Trademarks. New York:Wadsworth.