13 Aug 2022

Information Security: Protecting Your Business

Format: APA

Academic level: College

Paper type: Lab Report

Words: 2510

Pages: 12

In the computer era, more institutions are relying on network systems to communicate and store information. Network systems rely on network connectivity to relay messages or enable the easier retrieval of information. Ideally, entities maintain either a public or private network where the members can easily access information or cause its distribution (Cherdantseva & Hilton, 2013). The network systems make it easier for people in different locations to maintain relations and boost the productivity of the company. Besides, they enable corporations to conduct virtual meetings with the staff, regardless of their locations. On issues of facilitation, network systems have made it possible for people to access vital information to enhance decision making. For instance, institutions such as hospitals, schools, or administrative organs of the government can share information to aid proper policy formulation and efficient relations. Independent researchers have made remarkable advancements in medical research and industrial applications due to the availability of information.

Overall, network systems enhance dynamic performance, speed up the decision-making process, and save costs. The preliminary analysis uses the experience of the City of Hope National Medical Center, where a hacker stole records of over 5900 clients from a laptop, leading to serious confidentiality issues and data manipulation. However, network systems face the challenge of infiltration, manipulation, or tampering that may render the stored data worthless (Spagnoletti & Resca, 2008). Data theft is the greatest concern in network systems administration. Network managers agonize over the possibility of an intruder gaining unauthorized access to the data and extracting it for malicious use. In most cases, the data is used to blackmail the individual users. At times, particularly regarding sensitive biodata, the information contained in the system may embarrass the owner and cause them terrible distress and mental anguish. Medical records are often used to influence policy making in the insurance sector. For instance, the underwriting company can resolve to adjust its premiums upwards in response to the information obtained.

Despite being illegal, hacking and data theft continue to flourish, with the perpetrators often hiding under the veil of network anonymity (Stewart, 2012). Data theft reflects negatively on a company. Individual contractors may not trust a business that does not adequately protect its assets. Many stakeholders may conclude that the firm operates in a reckless manner and that its actions may cost them their investments. Investor apathy has a bad influence on the enterprise's profitability. As the investors move out, the company may lose its asset base and tilt towards bankruptcy.

Institutions can put in place concerted measures to protect their data from intruders who may use it for malicious intents. Some of the strategies put in place involve the setting up of a robust and unbreakable system to guard against infiltration. Also, the company can routinely test its security system and bolster it as appropriate. Routine checkups and maintenance keep the system abreast of the emerging trends and threats that may affect its functionality (Cherdantseva & Hilton, 2013). The process of setting up a monitoring system requires massive capital investments. In most cases, the money goes to revamping infrastructural layouts, software development, and personnel training and hiring. Software upgrades are some of the common methods used to protect a system.

Most of the data infiltration methods include hacking that uses malicious software. Equally, information systems can invest in the latest antivirus software to thwart any attempts to hack the system. Besides, a company can train its employees on methods of detecting and rejecting malicious software in the system (Spagnoletti & Resca, 2008). Through the above strategies, businesses can safeguard against the theft of their crucial data. How well a corporation guards itself against data theft reflects its commitment to protect the information contained in that system.

In the ensuing analysis, this write-up explores some of the challenges facing network systems administration and how best the company can mitigate them or prevent their occurrence. In pursuing this goal, the paper relies on some of the experiments and observations made in the laboratory. Also, the work will consider some of the emerging trends in network administration. Specifically, the material will discuss the recent hacking cases at some hospitals that led to the theft of information. While at it, the analysis will explore the impacts of such an action and discuss how the management can gear itself to tackle such future challenges. The discourse will take a thematic approach to addressing the various pertinent issues and seek their solutions. Through a thorough system diagnostic method and the examination of potential pitfalls in information security management, the discourse will unravel the best approaches to tackling the emerging threats and finally propose a way of addressing the concerns.

The Role of the CIO and the Leadership 

The chief information officer and the overall leadership of the company have a crucial role to play in information security management. They are the personnel solely responsible for maintaining network security systems. The bulk of the job resides with the CIO, who has to gather intelligence on possible flaws in the system and any infiltrations, and assess the potential damage to the system. Such information is then bundled and communicated as a strategic decision to the company board. Upon the discovery or the suspicion of a possible infiltration into the system, the concerned parties must take concerted efforts to address the issue (Stewart, 2012). It is usually preferable to resolve the issue when it first emerges, before it escalates into a full-blown disaster. For instance, data theft may be an exercise undertaken for some days. However, quick interventional measures will curtail the spread of the case. Also, the company will maintain its reputation by acting promptly.

The CIO and the overall leadership cannot afford to sit on the sidelines in the event of a calamity. At such times, they should lead the march in reviving the system. Upon the discovery of a bug or malware, the CIO must launch an investigation that involves a diagnostic system to unravel the cause of the issue. Besides, the officer and the other subordinates are responsible for upgrading the system to the latest versions to support the latest technology (Cherdantseva & Hilton, 2013). For instance, the virus definitions and databases evolve over time, and an administrator must keep abreast of the changes to offer stellar services to the company. If they fail to act in real time, the company stands to lose vital data to the intruders who may, in turn, use it to blackmail individuals or the company. Besides, inactivity will portray the leadership in the wrong light, sparking confidence debates among the stakeholders. In the aftermath, the company may lose its business and prestige, a setback from which it may not recover quickly. It behooves the leadership of the company to behave in a socially and professionally responsible manner during the time of calamity.

Transferring Risks 

Managing network systems competently is a monumental task (Spagnoletti & Resca, 2008). The exercise requires dedication and precise knowledge of how systems work. The chief information officer is mostly an administrative employee of the company. Despite the requirement for a background in computer science or computer, the employee may not be adequate. At such times, it is important to outsource the role to a third and more competent individual. Often, companies transfer the risks associated with the information or network system to third parties. The parties are usually underwriters who agree to discharge the assignment allocated quickly. Risk transfer involves the attribution of the complications related to the system management. Risk transfer works like insurance. The insurer, in this case the risk receiver, agrees to reimburse or compensate for any damage that year.

Risk transfer is a familiar concept, especially with large enterprises. Some of the huge corporations maintain both an intranet and a Wi-Fi system in the companies. The intranet creates a web system where the various employees can access vital information. Such information resides with different employees at the enterprise. Due to the monstrosity of the data management system, the company may hire two suitably qualified individuals to take over the operations (Spagnoletti & Resca, 2008). In most cases, the receiving company outsources expertise.

It is possible to transfer the risk from one company to another. In undertaking this move, the CIO must be adequately confident that the risk receiver cannot suffer. However, outsourcing may further compromise the system. A rogue programmer will intentionally configure the system and insert malware that will destabilize the system (Stewart, 2012). The malicious person can then pose as a concerned party and attempt a hack on the system. Outsourcing also makes the outsourcing company look incompetent and unable to manage its system. Under any system, it is possible to transfer risks to another party or entity. However, such a person must be well versed in the operations of the system and how best they can remedy an emerging flaw.

Mitigating the Risks 

Most of the ICT risks stem from inactivity by the system, sophisticated malware, or severe loss of data. It is the desire of every system administrator to mitigate the potential risk that the individual clients will be exposed to and the resultant effect on the company. Data loss, or its consequential manipulation or use for blackmail, presents a grave situation to the enterprise. Some strategies are often employed to lessen the impact of a data loss or theft. In established institutions, the management keeps a redundant copy, often in a different format, such as a manual backup, to turn to if the central data registry gets compromised. A redundancy backup is often used to rectify the discrepancies that may arise as a consequence of data manipulation. If, for instance, the overall aim of the intrusion is to alter the data so as to cast suspicion on the company, a backup copy would eliminate the issue.

In other cases, a network system intrusion aims at testing the security features of the enterprise (Cherdantseva & Hilton, 2013). Antivirus developers often use the vulnerability of a system to come up with a more innovative product. As a consequence, the developers may, of their own accord or by the use of hackers, compromise the system to prove a point. The ideal method of minimizing the risk of hacking is by creating a secure authentication system. Some hacking processes use social engineering to obtain the likely user passwords. Through the use of unique identification systems and double authentication in the login portals, the company would significantly lessen the possibility of somebody guessing the passwords.

A dual authentication system eliminates the likelihood of a login breach that may lead to loss of data. Besides, the company can invest in a robust system that discourages intrusion. Before breaking into the system, the culprits would have gone through a rigorous system. A properly secured system mitigates the risk of interventions by subjecting the attackers to a stringent verification regime (Spagnoletti & Resca, 2008). Communication and speedy response after an attack are also effective measures of mitigating an attack. Communication with the stakeholders assures them that the company is undertaking remedial steps to correct a flaw. Besides, it allows the parties involved to review their data to ensure consistency with the backup copies. 

Reputation control is also a major consideration during an attack. The company ought to stay ahead of the intruders and assure the stakeholders that their information is secure. Some data breaches aim at stealing client information and selling it to the competitors. The company ought to put the word out to the competitors to be on the lookout for independent parties purporting to sell them invaluable information. At times, it behooves the companies to act with integrity as the incident could befall any of them. Instead of waiting for the press to take up the matter and often exaggerate it, the company would take the initiative to inform the public on its own, and most importantly, reiterate the steps it is taking to address the issue and prevent a similar occurrence in the future.

Eliminating the Risk of Intrusion 

It is true that no computer system is impenetrable. At the least, even the most secure system is prone to manipulation from its creators. It is foolhardy to claim that there is a conclusive way of preventing intrusion. In most cases, parties opt to lessen the impact of an intervention, as opposed to eliminating it altogether. However, some of the susceptibilities that make the system easily compromised can be mitigated. For instance, if the open key to system manipulation lies in the insecure password systems, the management can improve on the system by creating a double authentication system (Stewart, 2012). Besides, the passwords could be generated using given criteria. For example, the system can only recognize passwords that contain alphanumeric characters and a mix of both capital and small letters. The move could encourage the users to create secure passwords that a third party would not second guess. Also, the password generator could refuse to recognize combinations that use a client’s personal information such as the date of birth or social security number. In the end, some hacking techniques such as through social engineering.
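The password criteria described above can be enforced at enrolment time. The following is an added example, not part of the original report: the function names, the 12-character minimum, and the sample date of birth and social security number are assumptions constructed for illustration.

```python
import re
from datetime import date


def personal_tokens(dob: date, ssn: str) -> dict:
    """Map strings derived from a user's personal data to the field they came from."""
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    yy = y[2:]
    # Common ways a date of birth is typed, with separators removed.
    dob_forms = (y + m + d, m + d + y, d + m + y, m + d + yy, d + m + yy, yy + m + d, y)
    tokens = {form: "date of birth" for form in dob_forms}
    digits = re.sub(r"\D", "", ssn)
    if len(digits) >= 4:
        tokens[digits] = "social security number"
        tokens[digits[-4:]] = "social security number"  # the "last four" are widely known
    return tokens


def check_password(password: str, dob: date, ssn: str, min_length: int = 12) -> list:
    """Return the list of rule violations; an empty list means the password is accepted.

    min_length is an assumption of this example; the report does not state a length.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no small letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    # Strip punctuation before matching so "04-12-1990" is caught like "04121990".
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    hits = sorted({label for token, label in personal_tokens(dob, ssn).items()
                   if token in squashed})
    problems.extend(f"contains {label}" for label in hits)
    return problems


if __name__ == "__main__":
    # Constructed sample user, not real data.
    sample_dob, sample_ssn = date(1990, 4, 12), "123-45-6789"
    for candidate in ("Tr0ub4dorHorse", "Summer04-12-1990x", "MyPin6789Secure", "password"):
        print(candidate, "->", check_password(candidate, sample_dob, sample_ssn) or "accepted")
```

Returning every violation at once, rather than stopping at the first, lets the enrolment form tell the user everything to fix in one pass.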

Some risks associated with the system management may dissipate forthwith. For instance, if the hacker uses a keylogger to obtain login credentials for the users that could be ultimately used to compromise the system, it is easier to audit the system and remove any malicious software. The company can formulate a policy of checking the system regularly to ensure that there is no third-party software installed (Cherdantseva & Hilton, 2013). In addition, the company could discourage the use of external computers to access the system. It is easier to compromise the external computers than the company gadgets. As a policy, users can only access the intranet using authorized devices such as those issued by the firm. The IT administrators can easily manage the approved devices as opposed to monitoring every system that logs into the company website.

Managing computer network systems and guarding them against infiltration is no mean feat. As the technology advances, IT administrators should also refresh their conception and understanding of the computer systems (Stewart, 2012). While it is misleading to claim that the CIOs and IT managers can cure defaults in the system and eliminate any risks, those in charge can nevertheless lessen the impact of infiltration. It is only possible to reduce the gravity of the attack or minimize the chances of attack, but not eliminate it altogether (Spagnoletti & Resca, 2008). The nature of computer systems allows manipulation. However, a system can make it difficult for such manipulation to occur or prevent greater damage.

Projected Costs 

Currently, the security system at the institution needs revamping. A look at the safety features of the system reveals some glaring loopholes that can lead to serious data breaches. For instance, the system has only a single authentication method. The flaw makes it easier for intruders to penetrate the system. There is a need for at least a double authentication system. The IT department can modify the system to include phone notifications, so that the system sends a short code to the registered user’s phone to enable them to log in. Double authentication eliminates the prospects of a third party accessing the system as they would need the particular user’s phone (Cherdantseva & Hilton, 2013). The estimated cost of recreating the login system is $45,000. Also, the company site needs to be reprogrammed to eliminate the chances of phishing scams. Currently, there is software on the market that detects phishing scams and blocks them from displaying on the system. The software also includes an email filter that keeps scam emails from showing in the primary mailbox. Antivirus software can handle the issue mentioned above.
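The short-code login step proposed above needs server-side handling so that a code expires, works only once, and cannot be guessed by repeated tries. The following is an added example, not part of the original report: the class name, the six-digit length, the five-minute lifetime, and the three-attempt limit are all assumptions, and delivery to the phone is left to whatever SMS gateway the institution uses.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the code is discarded (assumed value)


class SmsCodeStore:
    """Issues and verifies one-time login codes for the second authentication step."""

    def __init__(self, clock=time.time):
        self._pending = {}   # user -> salt, digest, expiry, attempt count
        self._clock = clock  # injectable so expiry can be exercised in tests

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        # Only a keyed digest is kept, so a dump of the store does not reveal live codes.
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def issue(self, user: str) -> str:
        """Create a fresh code for the user, replacing any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        self._pending[user] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL,
            "attempts": 0,
        }
        return code  # hand to the SMS gateway; do not log it

    def verify(self, user: str, submitted: str) -> bool:
        """Check a submitted code; True only for a live, unused, matching code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user]
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["digest"], self._digest(entry["salt"], submitted))
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user]  # single use, and no unlimited guessing
        return ok


if __name__ == "__main__":
    store = SmsCodeStore()
    sent = store.issue("alice")              # constructed user name
    print("first use:", store.verify("alice", sent))
    print("replay:   ", store.verify("alice", sent))
```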

The organization can acquire the software at $3000. Also, the company needs to maintain a redundant backup to guard against data loss. The backup would be updated every fortnight to refresh the information. Such backups can be stored offline within secure facilities in the institution. Most backups come in the form of cold servers, and at the prevailing market rates, one can acquire a protected computer center (Secure Computer Facility) at the cost of $100,000. It is a given that if the firm actually implements the measures discussed above, the company will eliminate instances of data loss through infiltration, phishing, or hacking. That way, the company will regain its prestigious position as an institution committed to offering excellent services to the people. Besides, the stakeholders in the medical industry will renew their confidence in the center as their confidentiality can be guaranteed (Stewart, 2012). If well implemented, these measures will make the City of Hope National Medical Center a beacon of hope in healthcare management.

References  

Cherdantseva, Y. & Hilton, J. (2013). Information security and information assurance. The discussion about the meaning, scope and goals. In Almeida, F. & Portela, I. (eds). Organizational, legal, and technological dimensions of information system administrator. Hershey, PA: IGI Global Publishing.

Spagnoletti, P. & Resca, A. (2008). The duality of Information Security Management: fighting against predictable and unpredictable threats. Journal of Information System Security, 4 (3): 46–62.

Stewart, J. (2012). CISSP Study Guide. Canada: John Wiley & Sons, Inc.

Cite this page

StudyBounty. (2023, September 16). Information Security: Protecting Your Business.
https://studybounty.com/information-security-protecting-your-business-lab-report
