Organizational Security - Essay Example

 Organizational Security Asset ID Asset Name Description Asset Value Priority Threat Description Controls in Place ARO Uncertainty Risk Value Controls Needed Action Plan ID 1 IT Technician Handles all queries on the ground $5000 Critical If not available then the IT department cannot attend to user problems 0.7 0.05 2 Software Development Acquiring assets and equipment for the department $10000 High Failure leads to delays in implementation of projects and maintenance of systems 0.7 0.001 3 Microsoft Dynamics Used to manage institution’s procurement $20000 Critical If it fails, or malfunctions, institution cannot procure materials. 0.5 0.05 4 Network Switches Distribute network to various departments $300 Vital Short Circuits kill switch denying network access to peripherals 0.25 0.15 5 Finance database Keeps up to date information on students fees, procurement, projects $20000 Critical Failure of DB halts all financial activities 0.7 0.001 The values for the assets are obtained from the event logs available at the IT department. Some of the data is also available in the asset inventory. For instance, the number of failed network switches can be found in the section containing equipment meant for disposal. Risks the Institution Faces Absence of an IT Technician The IT technician is a very valuable member of staff. He is responsible for ensuring that all IT equipment function as expected. These include desktop machines, laptops, servers, projectors, switches, wireless access points, and LAN access ports. The technician is always on standby to respond to queries raised by users. In addition, the technician works with the system administrator, and IT manager, to install software, configure equipment, and implement any IT related project within the institution. The absence of the IT technician, perhaps due to sickness, death, resignation, or termination of employment, leaves a vacuum as far as his duties and responsibilities are concerned. As such, any tasks that require the technician’s input go unattended to, hence, resulting in failures within the departments that rely on IT services. In order to protect the institution from the risk of lacking an IT technician, the IT department should make sure that there are at least two technicians on duty at any one time (Azari, 2003). If the department does this, then it will be highly unlikely that it loses the services of both technicians. Even if one is unwell, fired, or is away attending to other business, the other technician will be there to handle the queries. The Failure of the Software Development Process The IT department is tasked with the duty of providing applications for the institution. These applications are used to manage some of the activities in the institution; they include student registration and release of exam results. The department can either choose to develop the software or buy it off the shelf. The processes involved in development and purchase of software are complex and can fail if not handled carefully. Some of the reasons that may cause failure are: i. The finances allocated for acquiring the software may not be sufficient. This happens when the department chooses to develop the software. There are instances where the department runs out of money and has to wait, for the next financial year, to receive additional funding. This creates delays or even leads to the termination of projects. ii. There is a high risk that software purchased from commercial vendors may fail to meet requirements. iii. Failure to adhere to recommended software development procedures. iv. Lack of cooperation from those targeted to use a software system. The university can carry out the following activities to ensure that it acquires quality software: i. Ascertain that designers get the precise requirements of the desired software, before making a decision on the appropriate option to take. ii. All the stakeholders should be included in the improvement process. This will inculcate a sense of ownership in them, hence; reduce the level of rejection by users. iii. Provide adequate capital to fund the advancement of new programs Microsoft Dynamics The institution uses Microsoft Dynamics NAV to manage its procurement activities. The software captures all procurement procedures and is, therefore, critical to the operation of the procurement department. However, there are incidences where the software failed to work as expected, sometimes producing false results or none at all. The department keeps a physical backup of its records, which it uses in case NAV fails. Manual operation is, however, slow and inefficient. Some of the problems that the software experiences can be rectified by keeping it up to date; using the latest version will ensure that the department has the most stable and secure tool to use. Procurement should also ensure that they train their staff on how to use the software effectively, as some of the threats come about due to human error. Network Switch Failure Network switches act as paths through which the department distributes network connections within the institution. They connect the terminals to the network router. Switches are, therefore, crucial in the sharing of information within, and outside, the institution. However, just like other electronic devices, switches experience technical and electrical issues. Any failures in switches lead to disconnections. These cost the institution a lot, especially if the switch serves a critical resource. Some of the causes of failures in switches include electrical faults, power blackouts, and loose cable connections. In order to reduce the risk of failure of switches, the IT department should ensure that it deploys high quality network switches that have inbuilt power management systems. This can be enhanced by installing stable power backup systems for the switches, just like it happens with desktop computers. In addition, cables should be firmly attached to the ports to reduce chances of disconnection (Servon, 2002). Finance Database Failure The finance database keeps records of the institution’s financial activities such as fee payment, staff salaries, and income generating activities. Its operation is, therefore, crucial to the running of the institution. The database has failed severally; this has been attributed to various factors such as software bugs, malicious, unauthorized access, and network failures. The IT department has established that most of the failures of the database can be attributed to malicious acts, mostly by staff and students who collude to change financial statements in their favor. The department should implement strict access algorithms that will ensure that it reduces unauthorized access. To do that the IT department needs to develop a two-layered access authentication platform that verifies the identity of the user before allowing any access to the database’s content (Quiqley, 2004). In addition, the database should be accessible only within the institution’s intranet, and from pre-determined IP-addresses. This will ensure that persons with unrecognized devices do not access the database, even if they attempt to do it within the institution’s network. This assignment brings out the heavy dependencies between the activities in institutions and information. Companies that have good communication strategies enjoy high outputs from their activities. This implies that reliable communication is key in the successful running of a company. References Azari, R. (2003). Current security management & ethical issues of information technology. Hershey, PA: IGI Global. Quiqley, M. (2004). Information security and ethics: Social and organizational issues. Moscow: Irm Pr. Servon, L. J. (2002). Bridging the digital divide: Technology, community, and public policy. Hoboken, NJ: Wiley-Blackwell. Read More