Employee Reaction to Security Changes: Case Study Analysis

Verified

Added on 2022/08/30

AI Summary

This case study analyzes the security challenges faced by Cenartech USA, an engineering organization, focusing on employee reactions to security changes. The study highlights the impact of a rogue employee and the resulting security breaches, emphasizing the importance of employee awareness and mindset in preventing such incidents. It explores the steps Cenartech could have taken to mitigate the damage, including strict rules, vigilant monitoring, and HR training. The analysis also covers strategies for preventing future attacks through employee training and communication, and the role of a formalized IT policy. The report concludes with recommendations for strengthening security measures and addressing the human element in information security.

Running head: EMPLOYEE REACTION TO SECURITY CHANGES
Employee Reaction to Security Changes
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1EMPLOYEE REACTION TO SECURITY CHANGES
Table of Contents
Introduction................................................................................................................................2
Employee Awareness or the employee mindsets leading to the breaches.............................2
Steps for the right management taken for preparing the prevention of the breach................3
The steps that the company could have taken to ward off any future attacks........................4
Information that the company should communicate to the employees about the attack.......4
Conclusion..................................................................................................................................5
References..................................................................................................................................6
MCQ...........................................................................................................................................7

2EMPLOYEE REACTION TO SECURITY CHANGES
Introduction
The security threats to an organization can come from various aspects within the
organization. One of the biggest security threats known to an organization is also considered
to be the employees of the organization itself. There have been several reports established to
this day about the security threats within an organization, and the results have all proved that
the conducts of the employees within the organization have been the most challenging threat
for an organization (Khan & Hoque, 2016). Therefore, following would be the analysis of a
case study, where the conduct of the employees in the organization of Cenartech USA is to be
analyzed. On the basis of this analysis, the security issues in the organization would be
investigated. This would lead to the awareness of the employees or the mindsets of the
employees that leads to the security breaches, the steps that should be taken for the right
management of the preparation of prevention from these breaches, the steps that Cenartech
might have taken to wear of the future attacks and the information that the company should
have taken to ward off the future attacks.
Employee Awareness or the employee mindsets leading to the breaches
According to the case study about Cenartech USA, it is an engineering organization
that mostly prepares a sophisticated. Information infrastructure supporting the engineering,
sales, financial and human resource functions for the customers. In these areas, the
information systems infrastructure supports the applications with the storage servers, wired
and wireless networks, email and text messaging. They even have a web presence. However,
with the involvement of a new director of Information Technology, it was found that there
have been raising conflicts about the seasoned Human Resource director. The conflict
follows the main theme of the case study, where it was found that there had been routine
account lock-outs in the organization. This was mostly about the report an employee shared

3EMPLOYEE REACTION TO SECURITY CHANGES
due to the random lock-outs of the web accounts, which was found to be associated with the
review of log files. The review provided evidences of several variety of passwords and
username combinations tried from a cluster of computers inside the company itself
(Thompson, 2018). Tampering with databases followed when the HR director intervened to
investigate the issues directed by the IT director. It was found that the source of all was a
rogue employee. A chronological progression of the same issue led to the further issues.
The employee mindset about being termed as a rogue employee creates a huge issue
in organizations. Usually, an employee is termed as rogue that undermines the organization
but the employee fails to comply with the set rules and regulations of the organization. The
flouting of the company rules points out that he or she might not stay in the company for long
(Arbuckle & Ritchie, 2019). The employee turning rogue is a mind set that varied from
person to person. Undermining authority and causing problems are their primary activities. It
is not about conducting criminal activities but about the deliberate behaviour of the
employees causing problems and overall losses to the organization.
Steps for the right management taken for preparing the prevention of the breach
The initial signs that Cenartech USA saw with the rogue employees was the reporting
of another employee about the rogue activities. However, it is extremely important to handle
the rogue employees. The following steps can be taken by Cenartech to control the damage
caused and make sure to handle the situation:
1. Let the company set strict rules and regulations to follow and restrict them
even with these rules and regulations (Harries & Thomson, 2018). They must
know that the reasons that they are restricted is about the fraud and security
breaches caused by the employees.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4EMPLOYEE REACTION TO SECURITY CHANGES
2. They should be treated with a vigilant for protecting the business of
Cenartech. A close eye on the employees should be set to lookout for the
further challenges (Mills, 2018). Every rogue employee must be treated with
the vigilance system to look out for alarming situations.
3. Training should be given to the HR department of Cenartech so that their
ability to damage the company further can be stopped by anticipating the
issues with the employees (Hickman, 2017).
4. The use of social media within the office premises should come with a
formulation of policies so that the rogue employees must not use them at
random and excessively.
The steps that the company could have taken to ward off any future attacks
The Cenartech company must learn the development of any kind of problems that
might lead to the rogue employees form not being detected. This is to be done by training the
employees within the organization at such a level that they would find it easier to analyze and
monitor every person within the organization (Das, Shen & Wang, 2017). This would make
sure that every employee being monitored is looked out for the problems that they are facing.
Any issue leading to an employee being rogue needs to be stopped with this monitoring
impact. The thorough training to the HR department is to be provided by the IT department.
Information that the company should communicate to the employees about the
attack
First and foremost, the rogue employee must be figured out. After this, they should be
communicated about the findings of the Cenartech organization so that they must have the
knowledge about the ability of the organization. If it is done properly, they should also be
communicated about what activities they are performing and how these are being termed as a

5EMPLOYEE REACTION TO SECURITY CHANGES
security threat to Cenartech (Sammut, 2019). The other employees are also to be informed the
same, marking the rules and regulations about the organization and the restriction of
employees. The future attacks could only be stopped with the utilization of a formularized IT
policy.
Conclusion
Therefore, in conclusion, it can be said that the above report figures out the problem
that Cenartech was facing. The employees being the primary security challenge within an
organization can be figured out. All of the threats that Cenartech was facing has been
characterized and provided with solutions so that Cenartech might not face the same problem
again.

6EMPLOYEE REACTION TO SECURITY CHANGES
References
Arbuckle, L., & Ritchie, F. (2019). The Five Safes of Risk-Based Anonymization. IEEE
Security & Privacy, 17(5), 84-89.
Das, A., Shen, M. Y., & Wang, J. (2017, December). Modeling user communities for
identifying security risks in an organization. In 2017 IEEE International Conference
on Big Data (Big Data) (pp. 4481-4486). IEEE.
Harries, A., & Thomson, C. (2018). Cyber risk. Agent, The, 51(5), 9.
Hickman, M. (2017). The threat from inside. Network Security, 2017(4), 18-19.
Khan, S. I., & Latiful Hoque, A. S. M. (2016). Digital Health Data: A Comprehensive
Review of Privacy and Security Risks and Some Recommendations. Computer
Science Journal of Moldova, 24(2).
Mills, R. R. (2018). The Current State of Insider Threat Awareness and Readiness in
Corporate Cyber Security-An Analysis of Definitions, Prevention, Detection and
Mitigation (Doctoral dissertation, Utica College).
Sammut, J. (2019). Security against social scams. Journal (Real Estate Institute of New South
Wales), 70(3), 35.
Thompson, E. E. (2018). The Insider Threat: Assessment and Mitigation of Risks. Auerbach
Publications.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7EMPLOYEE REACTION TO SECURITY CHANGES
MCQ
1. True
2. Physical construction, roofs, cabling, filtered power
3. The use of tamper 2. -proof methods (e.g., fingerprint assessment, retina scan, voice
analysis) to verify the appropriate access level for an individual.
4. False
5. The account is disabled during maintenance, an employee stays with the person to
make sure the maintenance account is not accessed, the system is monitored remotely
to prevent access of the account.