Technology

Importance of information security education
The use of computing in the organisation by the end-users has been one of the most important components of the overall information resource in any organisation. This trend has been seen not only in the computing processes but in information security as well (Micro, 2007). This is because the use has all the information on how the information is stored in the organization. This knowledge is vital because they can circumvent into the security details of the system and cause havoc or the lack of it can make them very innocent of the security issues and the system can be accessed. The lack of this information is important for the organization. It is due to this that training should be done for the employees of any organization. It is well known that the more educated a person is the more mature and secure decisions they make for the sake of the organization and for the sake of the individual. The questions that rave in the minds of many people is why the education on the security of the systems and vulnerabilities not taken as a serious issue for most of the people The end-users are the one ones who will see these threats and vulnerabilities and will be the ones that will be taken advantage of. This happens due to their ignorance on simple things like keeping confidential information to their selves and making sure that the network is kept as secure as possible. The information security field has recently grown in leaps and bounds and the security professionals have reacted to this by setting up firewalls, intrusion detection systems but have failed to use the most important and vital defense that any organization can have which is educating the people they have so they take part in the fight against this threat. Employees can be the blast line of security in any organization but if they lack all the tools that are needed to defend the network, they will be as ineffective as a newly purchased firewall which is still intact in the box.

Training programs are the educational programs that are set to reduce the number of security breach that is caused by the lack of knowledge for the end-users to defend the system. Security awareness for the employees is so important that government agencies are required to train their employees on the importance of having a secure environment.

If security awareness is made part of the employee orientation, this will set the tone of being concerned with the security of the organization. This training will give the security expectations of the employee from the employee and will not only explain what the policies are, but will also explain why these policies are there in the first place. An example is the fact that if the employee will understand why hisher password must be a certain number of characters and should have certain mix of characters, they will adhere to this. If they could be shown how it is very simple to crack a simple password, then they will appreciate it faster than just leaving them to figure out the reason on their own.

Awareness also instills a spirit of responsibility and helps to point to the employees the fact that they are part of the security custodians of the organization. They help to show them their role in protecting the system of the organization. Awareness helps to motivate the employees and give them the morale and psyche to learn more on the security of the organization. One of the main goals of training id to motivate the learners in the act of securing the system so they will get the training from the conscious to the subconscious.

Another importance of training the employees on information security is due to the fact many people will help the organization fight against insecurity. The information security department will be expanded into becoming the whole organization. The scenario of having 10 employees fighting is not as appealing as having everyone protecting their systems from virus attacks. The latter is easier and more productive to the organization when compared to the former.

In educating the employees, it is one of the ways of managing risks. Having uneducated employees is taking a very large risk which has very devastating results for the organization. The major risk that an organization is taking is the one where they have employees access and rush to have their work done with little or no regard at all to the security of the whole system.

Technology is both a friend and foe to the security of an organization. With many employees using laptops, personal digital assistants, blackberries, and portable devices, the issue of information security awareness cannot be underestimated. The high rates of loss of these vital devices only makes this more serious an issue that many organizations are taking the issue of information security a matter of urgency and concern.

Information security policies
Some of the information ethics and security assurance policies that employees should adhere are discussed in the sections that follow

Transferring documents and information technology that contain very sensitive and personal data policy. This policy should be adhered to so that all employees are responsible for their own information and should make sure that the information is kept secure at all time. This policy is set to make sure that there is a well laid procedure to make sure that there us a clear structure of flowing when attempting to move data from the server to an outside environment.

Protecting personal data and sensitive data policy. This policy is set to attend to the breach of leaving personal documents unattended to in the premises of the organisation.

Information risk policy. This policy is put in place to make sure that the third parties will adhere to the policies and security oconcerns of the company when they are handling the data in the organization.

Signs to show that a website is hacked
There are signs that one should look for to know if their website is being hacked.
The useradministrator cannot log in to their server.

Changing pages every time the administrator log into the system. This is unusual because the administrator is the one who should be changing the pages.

The presence of long shell connection that are logged from users who are strangers to the system is reason enough to be highly suspicious.

There is abnormal increase in the bandwidth that the web stats cannot account for.

There are injections for SQL when one looks at the logs
The worst kinds of attacks are those that the hacker does nothing to the system, like changing the password but using your system to practice phishing to other sites.

The types of attacks that can be experienced in a network are discussed below
Bottlenecks in a network are caused by overuse of the available bandwidth. With the emergence of social networking technologies like Face book, Twitter, and YouTube, it is common for resources to be overused as many people are chatting, sending messages and other social networking activities brought about by these new technologies. These vulnerabilities can be addressed by employing the use of management systems for networks and utilities like trace route where the system and network administrators can be able to know the location the bottlenecks and so can reroute network traffic from these locations.

Destruction of Data
Data destruction can be in the farm of complete loss of information files or loss of data copies to spies. This can be caused by viruses, human activity and natural disasters.

Disaster
Natural disasters such as earthquakes and fire may cause disruption to network services. Human made disasters such as terrorism can cause network services disruption.

Virus Attack
A virus is a program, usually a small program that is build to disrupt normal operations of a computer. Viruses are usually transmitted as attachments to other files with falsified information to show that the file is useful. Once the virus is in the computer it may replicate itself or other files. It has the ability also to delete files including system files. The virus can completely wipe out all data and information on a computer.

As can be seen from the list of types of viruses above, viruses cause multiple forms of threats from complete data distraction, data falsification and hardware loss.

Unauthorized Access
Data interception is another serious vulnerability to networks. Intruders can have unauthorized access to networks. Hackers who are within the company wide local area network can gain access to the network and control data and even alter this data. The data that is being sent in any network must be protected as much as possible to retain their integrity. Network administrators can make use of authentication systems to keep intruders at bay. Firewalls can also be configured to eradicate unauthorized access.

Systems within a network may fall prey to the unintended audiences. Types of unauthorized access may be caused by external persons or employees who are not supposed to access certain network resources.  Unauthorized access falls into four categories of, causal intruders who are practicing the art of hacking, fun hackers who just probe systems to test their security levels,   professional hackers who intentionally hack into systems for particular purposes such as data theft and industrial espionage. These may lead to industrial espionage and data falsification that may result in fraud and losses to the institution the fourth and being unauthorized access by internal employees for any of the three reasons already discussed.

Questions to ask
What are the expected trends in dressing This question is very important so as to get the trends of dressing for both official matters and casual. This question will serve to know what the industry should strive to produce in large quantities in the future.

What is the expected nature of work in the future This is to get to know emerging trends like work-from-home workers who work from the comfort of their homes thus their attire is completely different from that of someone working from the office.

Will the current machinery be able to handle additional workload This is to ensure that with additional workload that could be foreseen in the near future, there is enough machinery to handle.
For how long will the system store the data that were used for mining This is so that the users will be able to know the period in which they can do data mining and for how long the data is useful to the organization.

What is the working culture of the organization This is to get the way the organization work like the business hours, and holidaying season so that we work optimally at all times.

What is the general economic status in the world This is to ensure that all the expenses incurred will be in tandem with the external economy. Reading the money markets is a good idea and will help the planners in planning for the activities within the organization.

How much customer information should be stored and for how long This is so that the frequency of data mining can be achieved. We will be able to know the frequency in which clients change their preference tests.

What are the companys disasters recovery requirements Just in case of a disaster, there is need to have ways in place that will help the company in pulling out of unforeseen calamities.

For how long are managers expected to serve in the organization This will help in getting more details on the period in which management are changed and so that the implementation of new policies is in line with the goals of system enterprise.

What are the strengths and weaknesses of the competition This will help the company understand the competition well. Getting to know what the company has as the competitive advantage over their competition is very important.

Requirements for a data warehousing
Benefits of using a data warehouse
Some of the greatest benefits of establishing warehouses include the fact that the university will be able to execute most business and academic decisions based from multiple sources. An example is that the university collects and store data in 30 databases. The university has not only the power to analyze the data from all the databases but also has the historical information from these databases (Stone,  Jose, 2007). Using a data warehouse give the organization the past trends whether concerning student behavior or lecturers trends in their work.

Another advantage of using a data warehouse is the fact that the information that is received is not restricted to the tables in the databases. The warehouse will be independent of whichever application it was used to develop the databases.

Most warehouses provide the companies recalculated graphs that they use ion their day-to-day running of their operations. They support low cost strategy whereby these warehouses provide savings in billing processes, reduce fraud losses, and reduce the cost of reporting.
In conclusion, the benefits of establishing a warehouse far outweigh the disadvantages. Most companies will benefit from a warehouse when the proper tools are set in place and the users have the knowledge in the use of the warehouse.

Data warehouse implementation
The implementation of the warehouse will be as shown in the Gann chart below
Requirements
The requirements for implementing a data warehouse include
Hardware
Servers  the number depends with the volume of data to be stored
Client computers
Switches
Access points
Server racks
Data cables
Laptop computers
Software
Web server
Application software for client machines and the laptops
Remote desktop connection software
ftp server and client
database servers and clients
Computerization in Pomona Hospital

With hospital processes going complex by the day, it is paramount that most of the processes be computerized. With nurses being required to get the diagnosis from the field, it is important that they use the technologies that are available for their processes to be simplifies. With many deaths occurring in the US caused by medical errors, this could be avoided simply by using information technology (Gritzalis, 2009). The use of bar-code technology to ensure that the right medication is given is something to be grasped. However, there are issues that arise with the use of bar-code readers in the sense that the nurses have to wake the patients for the reader to get the bar-code which is in the patients tag. Most nurses often bypass this because of the fear they have. The use of RFID technology is the remedy for this.

RFID
This technology can be combined with the information system in the hospital and voice over IP (IP) to come up with a single system that will be very useful in tracking patients, staff and the assets of the hospital. The most important implementation is the setting up of VeraFi Wi-Fi (802.11 abg) network router, which is used to establish a connection between the hospitals local area network through an Ethernet port. For the telephone calls to be able to go through the Wi-Fi network, the VeraFi unit needs to have two RJ11 ports that are used to connect regular analog telephones and also for converting the analog call into VoIP using the SIP protocol. This unit also has an RFID transceiver which is used to read RFID tags which are usually placed on the bracelets of patients, staff ID badges and hospital equipment.

The setup will ensure that patients get the correct treatment by use of both the Wi-Fi and RFID capabilities of the router. Nurses and doctors who have RFID-tagged badges will also carry Wi-Fi enabled PDAs or tables PCs. Whenever there is a close proximity of the caretaker with the patient, the Wi-Fi network will deliver the records of the patient to the device of the caretaker.

Apart from saving on the cost, this new setup will help the nurses and doctors get the patients complete records instead of having to work to the central place in search of this data. This is equal to saving 3 minutes on every patient with the use of this technology.

The new setup will also be used to track the patients, staff and the equipment of the hospital whenever there is need for this information. This capability will enable the doctor trace a particular patient without the need to search for the patient traditionally. They can then schedule their meetings very efficiently.

Real-time information is very important for hospital because the urgency of the information is key to the medication of the patients. With current ailments where the treatment should be given on real-time, the information should also be real-time to aid in this scenario.

ERP Software
There are three parts of organizational processes which are strategic planning, management control and operational control. Even though an ERP system does much of the operational coordination across functional departments, ERP systems has also been seen to be successful in management and planning control.

The implementation of the ERP system will help reduce the cost of running processes in most of the departments in our organization. This is due to the fact that an ERP system integrates most of the business processes which ate across the departments onto a single enterprise-wide information system. With the implementation of an ERP, there will be improved coordination between the departments in the company what is more, there will be increased efficiencies in doing business. One of the immediate benefits that the company stands to gain is the reduction of operating costs like lowering inventory control cost, production costs, and marketing costs.

The implementation of an ERP system will nurture the development of day-to-day management. With ERP implementation there will more management of customer processes and will help to win the confidence of the customers. The manual way of serving the customers is not friendly to the clients because they are served slowly and the quality of these services is not to their expectations. The users have a better accessibility to the data so that they make decisions effectively. The actual costs are tracked and activity based costing is achieved.

With ERP, the company will track the strategies that need to be implemented and the management of resources is effectively managed. There is a good logical connection between all these strategies and the sense of their existence is realized with the use of ERP software. Resource planning has been the most successful link in the implementation of the ERP software.

Most of the suppliers for the company are not satisfied with the pace at which their payments for the items they supplied are processed. Although most of the delay has been financial in nature, a good percentage of this delay has been caused by delay in manual processing. With ERP system the suppliers will get faster processes in whatever they are doing and this will help to increase their satisfaction of the company and thus continued support of the company.

Sales will also be improved with the use of ERP system. This is because the process control will be improved and the purchases will be improved. With sales improving, the company stands to benefit a great deal.

In general, we feel the company should implement ERP system for the benefit of improving the overall profitability of the company. We feel the automation of the processes in the company by use of the ERP system will be a great step towards managing the processes of the company. It should therefore be implemented without much ado.

Implementing Internet security policy
With the current trends in the Internet attacks, there is a lot to desire. Organizations have been required to look into the use of Internet content and how they should avoid attacks being downloaded into the computer systems.

The regulations of the Internet use are as follows

Internet access
All access must go through the company firewall. Bypassing the firewall should not be allowed.
All use of the Internet must be authorized in writing and all limitations should be clearly defined.
All issues and risks of Internet use should be assessed before using the service. Integrity of the data must be considered.

All client computers which are accessing the Internet must be running resident protection software.
All users must be authenticated so that they have log in credentials.
All usage and log into the system must log off when they are not using their accounts.
Any licensing of software that is used on the Internet should be analyzed.
Any download of scripting must be approved by the IT department.
All material that is copyrighted should not be sent. All authors should be encouraged to encrypt e-mail messages.
All programs that are downloaded from the Internet should be chuckled by the virus.