AEnergy Case Study: Analyzing Unethical Use & Security Threats to IT

Verified

Added on 2023/05/28

AI Summary

This case study examines the unethical uses and security threats facing AEnergy Company's IT infrastructure, involving both internal and external users. It identifies issues such as unauthorized software installation, data theft, outdated security software, and mobile device vulnerabilities. The study proposes policy changes to mitigate these risks, including stricter controls on software installation and USB device usage, enhanced security protocols to prevent external access, regular software updates, and improved mobile device security. The analysis underscores the importance of robust data security, employee security, and accounting security policies to protect sensitive information and maintain operational integrity. This document is available on Desklib, a platform offering a wide range of study resources, including past papers and solved assignments, to support students in their academic endeavors.

Running Head: IT INFRASTRUCTURE MANAGEMENT
Unethical and security issues of AEnergy Company
Name of the student:
Name of the university:
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1IT INFRASTRUCTURE MANAGEMENT
Introduction:
AEnergy Company is an integrated 30 employee company that develops, designs and
produces high quality components for diverse energy generation and energy efficient customers.
The company serve their clients in western and central United States. The IT team of the
company has created a network that would help in sharing information among the employees to
make the company a high-performance business. The sales of the company has been growing in
an increasing manner. Sales growth in the last three years of the company were 3%, 4% and 10%
respectively.
Discussion:
A. 1. Two unethical uses of the company technology by internal users:
The two unethical uses of the company technology by internal users are installation of
unapproved software in computers and workstations and unauthorized copying of information
and data from one computer to another using USB devices (Zhou & Piramuthu, 2013). The data
security policy as mentioned does not include any security policy regarding software installation.
Internal users of AEnergy Company will be able to install any software or spyware in the system
without the administration knowing about it.
A. 2. Two unethical uses of the company technology by external users:
The two unethical uses of the company technology by external users are hacking into the
company’s main server for gaining confidential information and employee details and financial
theft (Pretorius, Leonard & Strydom, 2013). Financial information input can be diverted away
from the company by external users for stealing money. For example, the donation system of

2IT INFRASTRUCTURE MANAGEMENT
AEnergy can be redirected and sent to an offshore account that is controlled by an external user.
This unethical practice using company technology should be eliminated by laying policies
regarding it. For gaining confidential information the external user encrypts the entire website.
B. 1. Two security threats to the company technology from internal users:
The anti-virus software that are being used by AEnergy might be outdated therefore making
the computer and the network vulnerable to security breaches. Computers might contain various
data that are categorized as public, private, confidential and secret (Chou, 2013). The
confidential and secret data will then become accessible by internal users which are against the
data security policies. New technology is being released each day. The technology contains lot of
virus that makes the computers vulnerable to security threats. Employee details and other secret
information might be leaked by internal users (Koh, Oh, & Im, 2014). This might prove harmful
for the company.
B. 2. Two security threats to the company technology from external users:
Outdated security software gives the privilege to external users to peep into company
network and workstations to steal information. Therefore important data of the company are at a
risk of theft by the external users. Mobile devices are at security risks from early phases of
connectivity to internet (Barlow et al., 2013). These risks have been observed by security
experts. The recent attacks that happened with mobile foul play revealed that the users are less
concerned than they should have been. Therefore, the company technology like computers,
workstation and company network are at security threats.
C. 1. Changes in the policy that would mitigate unethical uses identified in part A1
and A2:

3IT INFRASTRUCTURE MANAGEMENT
The changes in policy that would mitigate unethical uses identified in part A1 and A2 are
that the computer system should be configured in such a way admin password would be required
for connecting USB device. Admin password should be asked for installing any software in
computer. Security policy should be made strong so that external users are not permitted to enter
company network. They should not gain access to company main server.
C. 2. Changes in the policy that would mitigate security threats identified in part B1
and B2:
Creativity in business and constant connection to the Internet is achieved by using
modern technologies in various organizations. Therefore, new policies should be implemented to
eliminate the cyber security threats. Cybercriminals are discovering new ways to tap the most
sensitive networks in the world (Vance, Lowry, & Eggett, 2013). Therefore, new policy of
updating software on a daily basis should be adopted. Security of mobile devices should be given
priority. A new policy for installing strong anti-viruses should be implemented in AEnergy
Company.
Conclusion:
From the above discussions, it can be concluded that data security, employee security and
accounting security policies are necessary in any organization for protecting and safeguarding
data stored. Employee security policy is required to safeguard employee details. However, the
policies described by AEnergy Company under data security policy, employee security policy and
accounting security policy proves to be inefficient in protecting data and employee details.
Therefore, some changes were made in the policies to eliminate the unethical and security issues.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4IT INFRASTRUCTURE MANAGEMENT
Reference List:
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don't make excuses!
Discouraging neutralization to reduce IT policy violation. Computers & security, 39, 145-
159.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Koh, E. B., Oh, J., & Im, C. (2014). A study on security threats and dynamic access control
technology for BYOD, smart-work environment. In Proceedings of the International
MultiConference of Engineers and Computer Scientists (Vol. 2014, pp. 12-14).
Pretorius, H., Leonard, A., & Strydom, I. (2013). Towards an electronic monitoring, observation
and compliance framework for corporate governance using business process management
systems: building the information society. The African Journal of Information and
Communication, 2013(13), 62-75.
Vance, A., Lowry, P. B., & Eggett, D. (2013). Using accountability to reduce access policy
violations in information systems. Journal of Management Information Systems, 29(4),
263-290.
Zhou, W., & Piramuthu, S. (2013). Technology regulation policy for business ethics: An
example of RFID in supply chain management. Journal of business ethics, 116(2), 327-
340.