Evaluation on IT Security Systems (Research Paper Sample)

Evaluation on IT Security Systems
Student’s Name
University Affiliation
Evaluation on IT Security Systems
In any office setting, the security status of the information systems is essential to the safety of the records, the efficiency in running of the system and ultimately the level of tamper- proofing the system has. Although all systems are prone to attack by various overrides and spoofs, the heightened security of a network would reduce the possibility of interference with the systems, and in this way averting situations such as this case scenario. An employee successfully hacked into a records system and was able to create a false state, which allowed him to find his way into the data storage system (McCumber, 2004). In this manner, he overwrote the data on the store data and later on caused consequences to other employees in the business.
A case involving hacking into data systems should be considered malicious and treated in the same manner since the hacker is motivated in the destructive aspect. The IT department was however able to identify the threat and install limiting measures in the same respect. However, this response came rather late, since significant damage had already been done. While considering the aftermath of this case, on should also analyze the importance the data that was accessed by the hacker, as compared to the sensitivity of the detecting apparatus available; in addition to the security status of the whole system (Hu & Mao, 2007).
The incident can be described in terms of the security override employed, the surpassing of the installed firewall and the actual break-in. The hacker initially engaged spoofing technique, which allowed him to create a ‘listening window’. Thus, this hacker was then able to falsify his identity, gaining access to stored data. Since he was able to write the data, it can be rightly presumed that he had already gained standard user access (Ratnam & Rajkumar, 2012). Later on, after creating a user profile, he was able to exchange emails with the auditor. Through this route, he gained access to other financial records in the same way he accessed the initial records. After modifying significant units of data, this unusual activity led the IT staff to realize that an external party was making the mentioned alterations.
In the case of such an event there are some departments that need notification, in an attempt to contain the situation. There were significant financial records modified, so the auditor and the financier need to know. All IT security personnel also should be invited to scrutinize the situation, all the while identifying other possible gateways for hackers. Concerned stakeholders, including the manager of the firm, the security detail, and major decision-makers need to be involved. In the post-event evaluation, the IT department was rather blind to the goings-on, since they only identified the situation when there were other indicators of the attack. In containing the attack, the IT department first needs to shut down all unnecessary networking itineraries in the business, until all possible gateways are manned in preparation for any further attack- this measure would be a semi-permanent solution, while the network is patched up. Afterwards, the financial records should be re-evaluated immediately, with any sort of reconciliation of records being done at this stage (McCumber, 2004). Continuous assessment of the records should be a standard practice since the possibility of one of the staff, including the IT personnel, changing a part of the data in the financial records is possible. Additionally, the installation of an updated security profile would reduce the possibility of attacks from external parties.
Several factors contributed heavily to the occurrence, most of these factors being avoidable. IT systems are always under attack from malicious, roaming, and targeting hackers, who aim at gaining access to sensitive data within the network. These hackers target communication between the various departments, with the hope that sensitive messages (such as the emails from the auditor) will be passed through the system. All preparedness to such situations should be done before such situations since the losses from hacker attacks are hardly quantifiable. IN the first place, a factor of under-preparedness for the attack caused the employee to have an easy time accessing the system. Lack of a scanning agent, one that would detect unusual changes in communication and stored data contributed to the losses after the attack. Essentially, this is because the agent would detect the change immediately and alert personnel; directly limiting the hacker (Hu & Mao, 2007). Then, the possibility of the changes in sensitive data could have been averted by the password securing of the documents. Most data editing software have two-step security, which requires the users to have an authentication password after accessing the file through the folder security.
In the restoration of the system, several parts will need total overhauling, with others requiring updating to current security settings. In the first place, the documents will need changeover to newer formats with security apparatus setup. As much as the firm can rely on the security if their network installation, this can prove disastrous in the case of a well-structured attack. Additionally, the systems need a real firewall; one with updates for overrides such as fake IP’s, Heartbleed supersedes and overuse status adapters (Ratnam & Rajkumar, 2012).. Afterwards, the user identity verifiers have to be updated, such that the user’s presence is limited to the business. Use of such an installation would reduce the possibility of an attack to the inside of the building. When the system refurbishment is complete, the network can be re-launched to apply all changes. Invitation of an external white hat hacker to test the systems is advised since he would be able to identify any other weaknesses the systems have. He would quickly confirm the operability of the new system, and allow for further patching to be done.
Although the IT personnel positively identified and described the attack, their reaction was limited to the occurrence alone encouraging the occurrence of another attack. Their reaction was only in response to the initial record-changing occurrence and did not include all other possible attacks. Information systems need constant checking for threats in relativity to the quality of the previous installations. IN the first place, the staff did not response to the possibility of remnants of the attack, in form of signal sending software installed into the system, created backdoors and bugs (holes) left after the attack. Furthermore, they did...