Introduction The discussion is an essay paper on hacker target and response. As the chief information security officer in the Grayson Global organization, I have been mandated with the sole responsibility of ensuring that the information technology system of the company is effective and not under any threat from the malicious acts of hackers. Hacking refers to the unethical use of information technology to have unauthorized access to sensitive information on a computer or network within an organization. This therefore hampers or interferes with the security and privacy of the computer users, the safety of information within an organization among other key issues. Last month, the organization terminated the employment of Mr. Aiden Matthews due to his misleading conducts within the organization.
Mr. Matthews was one of the senior officers in the organization and had access to highly-sensitive information stored on the organization’s intranet. Being the Chief information officer, I have received threatening information from unknown sources that Mr.
Matthews is planning to retaliate the termination of his employment in Grayson Global by hacking into the information systems of the organization. The discussion paper will closely examine different aspects in relation to the retaliation acts towards the safety of the information system within the organization.
First, the paper will examine what the terminated employee may target, what methods he may use and the damage his activities might cause to the information system and the whole organization in case he succeeds to hack the system.
The discussion of the essay will also focus on my preventive actions and responses I will take towards preventing the hacking activity from happening as the chief information security officer. What the terminated Employee may target?
The terminated employee, Mr. Aiden Matthews will be out to target to exploit any existing weakness in the information system within the Grayson Global organization. His malicious behavior may be targeted towards interfering with most of the organization’s crucial information. Firstly, he will be targeting the Finance department within the organization. Since he well knows that Grayson Global is a multinational company making massive profit margins on a daily basis, he may hack the finance software system and channel all the organization’s funds to his account. Bearing in mind that the company has more than 200 subsidiaries in almost 50 countries and that the control of finances is directed from the main office in which he was working form, he may pose to be a challenge to deal with as far as the safety of the financial position of the organization is concerned.
Secondly, I am afraid that Matthews may target to manipulate the normal behavior of network connections and the connected systems within the organization. Being one of the key senior officers within the organization who was well enlightened in information technology aspects and their related working, he may maliciously attack the programs that run on the internet and other networks within the organization.
Crucial information only directed to the key employees of the organization might also be leaked out. As most organizations tend to ensure maximum safety of their organizations undertaking from exposure to third parties, he might expose such information.
For example, information related to copyrights, patents and the sole ownership of the production methods of certain products of the organization may be leaked out thus creating a competitive loop for competitors of the organization to utilize that information to produce similar products.
He may be driven by the desire to secure access to the passwords and login codes used in the key departments within the organization. For example, the login codes in the finance department, the production, the human resource, the information technology departments among others.
This may render the organization’s safety under threat. What Methods he might use? Mr. Matthews may decide to attack to attack the information systems of the organization by coming up with malwares.
These are malicious soft wares, or array of nasty batches of codes that negatively interfere with the safety of computers, networks and even the internet. Aiden is a graduate of Information Technology from Florida University.
Being a graduate in IT gives him an upper hand and proves that he clearly understands how hacking an information system is all about. He may hack the information system in Grayson Global using scripts and other network programming techniques.
He may decide to use computer viruses, worms, Trojan horses, rootkits, backdoors and even key loggers. Using such methods, he will be able to manipulate data that passes through network connections within the organization.
The manipulation maybe designed in such a way that he will be in a position to gather more information about how the target system works. Mr. Matthews might maliciously sabotage the computer systems within the whole organization, infiltrate the networks and even spread computer viruses to infect the systems soft wares within Grayson Global.
He may build a Trojan and backdoors. These soft wares carry dangerous payload and may destroy completely the computer systems within the organization. The Trojan horse is a very harmful virus that can record everything in the computers and send it back to the hacker (Kim, & Solomon, 2014: 2024 – Essay Writing Service. Custom Essay Services Cheap).
The virus can also send out spam e-mails or even attack the whole system of computers within the organization. With the use of the backdoor software, he may be in a position to access the computers of the organization whenever they are online.
Since it serves as a remote control, he will have full access to every facility within the organization and all files on the computers of Grayson Global. He may also use phishing scams to attack the computers systems within the organization. This is a catch in which the organization may be required to send in the organization’s banking information for processing. What the people dealing with delivering of such information from the organization are not aware of is that the information and the money are going direct to the hacker. He may also set up drive-by downloads. These are websites that are embedded with viruses. Using the key loggers, he will be able to record keystrokes thus discovering passwords and login codes that harbor crucial information of the organization.
The Damage his Activities might cause to the Information System of the Organization Mr. Matthew’s malicious activities might cost much to the security of the information system of Grayson Global organization. The damages may range from sales losses, additional costs, and data loss, to even creating a negative public image and reputation of the organization. Firstly, his hacking activities will destroy the computer systems within the whole organization. He will be in a position to break to the large network of the organization. He will illegally gain access to the networks within the company, and even have access to the entire database of the organization that might contain highly confidential information. He will be able to access all the soft wares, files, corporate and private data concerning the organization. This might prove to be dangerous in the safety of the organizations operation.
Successful hacking of the information system of the organization may lead to the employee changing the settings on the existing networks and even implanting other malicious soft wares of his own. Hacking the system of the organization might prove to be a serious criminal activity that ranges from theft of the organization’s resources to even ultimately terrorizing the entire operation of the organization. Computer hacking is a breach of computer security. This will expose sensitive user data and even risk the privacy of the users.
He may delete sensitive information of the organization on gaining access on it.Use of the identity of another person for personal interest or gain might lead to termination of other employees within the organization. Use of key-logging software might lead to stealing of passwords and account details of the organization. He might even plant in a DOS attack that makes the resources of the computers within the organization unavailable to the authorized users (Hawker, 2000).
Hacking of the information system might also lead to theft of critical business information. He might delete or manipulate important information about business clients and customers. Hacking the website of the organization may render its operations non-operational for an extended period of time. During the time that the business does not operate, it can lose customers and experience huge losses. Restoration of hacked websites and information systems of the organization might cost huge spending thus translating to the organization experiencing a decline in its profit margins. The organization has also to pay for security and protection measures to prevent potential hacking attacks in the future.
Hacking of the information of Grayson Global might damage and create a negative public image and reputation of the organization. The repeated target of hackers of the organization’s website might end up bringing the organization significantly down. Ultimately, the reputation of the organization is negatively affected. The consumers of the products of the organization might think that design of the company is poor, that is utilizes ineffective protection among other negative impacts. For example, if the hacker deletes or has an access to the customer’s account user names and passwords, this creates a bad public image thus losing potential and prospective buyers of the products of the organization.
Preventive Actions and Responses as the Chief Information Security Officer As the Chief Information security officer, I have to ensure that I come up with and implement proper preventive actions and responses as far as the malicious hacking of the Grayson Global information system is concerned. First, I will ensure safety of usernames and password secrets of the organization. It is also advisable to ensure that computers within the organization have antivirus and firewall protection soft wares properly installed. I will also ensure that there is change of default passwords with immediate effect.
A key preventive action is identifying entry points is the system. This will be ensured by installing the proper scanning software programs to ensure safety of the internet within the organization. This can be strengthened by the help of skilled ethical hackers who have undergone special network security training so as to perform the tasks successfully. Safety of the information system within the organization can also be ensured by regularly performing attack and penetration tests (Hawker, 2000). These attack and penetration tests will help identify the vulnerable points within the internet of the organization that bears easy access from both external and internal users. Identification of the points will provide an avenue to prevent attacks from external sources and correct any pitfalls that may exist within the information system.
I will also initiate user-awareness campaigns within the Grayson Global organization. These campaigns will be crucial in enlightening the users of the computer and information systems and network within the organization to be aware of the pitfalls of security and the necessary security practices to help minimize the occurrence of risks associated with hacking and security interference.
These campaigns can be implemented by conducting social-engineering tests to determine the user awareness. Proper protection of the information system cannot be fully ensured not unless the users are ware of certain key issues and factors related to the networks and information systems within the organization.
Back up of crucial data and information is also an important measure to curb with the malicious acts of hacking. Use of an external device or on online services provides safety of the organizations information.
Thus, in case the hacker deletes or manipulates the organization’s information, the original data and information can easily and securely retrieved (Godbole, 2009). Another key prevention action is the implementation and continued use of password policies. This has to do with ensuring that the information systems within the organization have secured password lengths and relatively easy to remember. The passwords should also be changed regularly. They should also be made up of both alpha and numeric characters. This will help improve on the uniqueness of the passwords. Use of password-less authentication is also advisable. This can be ensured by use of smart cards and other advanced methods to ensure effective security of information technology systems and computer networks within an organization.
Conclusion Hacking has become one of the malicious acts through which employees whose employment has been terminated from an organization are suing to retaliate to their end of employment history. It has become one of the prominent means through which the success paths of many organizations has been interfered with thus leading to the failure and even exit from business. Thus it is a concern of the top management of any organization to direct the chief information security officers of their organization to take up, initiate and implement key policies and measures to help curb the damages that come up with hacking of their systems. Today’s success of any organization is pegged on the firm security of the organization’s information system.
TCHR5009 Assessment Task 1 THEORY TO PRACTICE: EDUCATION AND CARE FOR INFANTS AND TODDLERS
TCHR5009 THEORY TO PRACTICE: EDUCATION AND CARE FOR INFANTS AND TODDLERS Summary Title: Assessment Task 1: Professional Philosophy and Critical Reflection Type: Report Due Date: Monday 15th July 2024 11:59pm AEDT (Week 3) Length: 1500 words Weighting: 50% Academic Integrity: GenAI May be Used Generative Artificial Intelligence (GenAI) tools, such as ChatGPT/Grammarly, may be used […]
