MDIS & Teesside Uni: Information Systems Security Report - COM2067-N
VerifiedAdded on 2023/04/20
|10
|2298
|439
Report
AI Summary
This report examines a case study of a secondary school experiencing a data breach where student login credentials were compromised, leading to grade discrepancies and affecting student promotions. The investigation focuses on identifying the culprit within the limited access environment of the school's administration. The report suggests security policies like removing parabolic microphones, enhancing encryption, installing updated antivirus software, and restricting FTP server access. It further discusses the legal implications of employee vandalism, student conduct, and government data security policies. Ethical considerations include fraud, intrusion of student data, and the societal impacts of psychological harm to students and the erosion of trust in the education system. The conclusion emphasizes the importance of robust information security measures in schools to protect data privacy, build trust, and ensure the long-term success of the institution.
Running head: INFORMATION SYSTEMS SECURITY
INFORMATION SYSTEMS SECURITY
Name of the student:
Name of the university:
Author note:
INFORMATION SYSTEMS SECURITY
Name of the student:
Name of the university:
Author note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INFORMATION SYSTEMS SECURITY
Table of Contents
Introduction:....................................................................................................................................2
Discussion:.......................................................................................................................................2
Investigation to uncover the culprit:................................................................................................2
Recommendation of security policies to prevent the security issues in the future:.........................4
Legal, ethical and societal issues are involved with the hack:........................................................5
Legal issues:.................................................................................................................................5
Ethical issues:..............................................................................................................................5
Societal issues:.............................................................................................................................6
Conclusion:......................................................................................................................................7
References:......................................................................................................................................8
Table of Contents
Introduction:....................................................................................................................................2
Discussion:.......................................................................................................................................2
Investigation to uncover the culprit:................................................................................................2
Recommendation of security policies to prevent the security issues in the future:.........................4
Legal, ethical and societal issues are involved with the hack:........................................................5
Legal issues:.................................................................................................................................5
Ethical issues:..............................................................................................................................5
Societal issues:.............................................................................................................................6
Conclusion:......................................................................................................................................7
References:......................................................................................................................................8
2INFORMATION SYSTEMS SECURITY
Introduction:
Information security is one of the biggest challenges in most of the organizations in
today’s world. There are different kind of issues that the organizations face in terms of data
security. Some of the most known issues are threat to data security, virus infections on the
systems due to accessing unknown websites, phishing attacks from spam emails, intrusion to
organizational data privacy from hackers through Trojan viruses, acts of employee vandalism
etc. These issues often lead to huge economic losses for the organizations.
The following report will highlight the case study of a particular secondary school, which
has faced similar security issues in the recent past since the login credentials of the school’s data
bases has been published on the internet. Since then there have been discrepancies in the grades
of the students, which in turn also affected the promotion rounds of many of them (MacAllister,
Macleod and Pirrie 2013). The legal, ethical as well as the societal issues will be discussed along
with data security recommendations that will be discussed in the following paragraphs.
Discussion:
Investigation to uncover the culprit:
The main point of investigation lies in the fact that there is a strict access control to the
admin office and it is mandatory for admin staff, cleaners as well as the principal to get their
access verified at the times of entering the admin office. They are the only people allowed in the
office. Only the administrative stuff have access to the databases credentials, which are
encrypted under the public keys of each admin staff with a GPG encryption version of 1.4.15.
These encrypted credentials are stored in a FTP transfer, which is openly accessible to all,
including the students. The level of technical knowledge and expertise of the students as
Introduction:
Information security is one of the biggest challenges in most of the organizations in
today’s world. There are different kind of issues that the organizations face in terms of data
security. Some of the most known issues are threat to data security, virus infections on the
systems due to accessing unknown websites, phishing attacks from spam emails, intrusion to
organizational data privacy from hackers through Trojan viruses, acts of employee vandalism
etc. These issues often lead to huge economic losses for the organizations.
The following report will highlight the case study of a particular secondary school, which
has faced similar security issues in the recent past since the login credentials of the school’s data
bases has been published on the internet. Since then there have been discrepancies in the grades
of the students, which in turn also affected the promotion rounds of many of them (MacAllister,
Macleod and Pirrie 2013). The legal, ethical as well as the societal issues will be discussed along
with data security recommendations that will be discussed in the following paragraphs.
Discussion:
Investigation to uncover the culprit:
The main point of investigation lies in the fact that there is a strict access control to the
admin office and it is mandatory for admin staff, cleaners as well as the principal to get their
access verified at the times of entering the admin office. They are the only people allowed in the
office. Only the administrative stuff have access to the databases credentials, which are
encrypted under the public keys of each admin staff with a GPG encryption version of 1.4.15.
These encrypted credentials are stored in a FTP transfer, which is openly accessible to all,
including the students. The level of technical knowledge and expertise of the students as
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INFORMATION SYSTEMS SECURITY
compared to the admin personnel themselves, regarding the process of “decryption of
credentials” is quite low and it is even lower in case of the cleaners (Hansen 2013). Moreover,
students ideally should not have a logical reason to get their grades changed or modified publicly
on the internet (Perry and Southwell, 2014). However, the admin staff can do the same
considering their own personal interests or simply to defame the brand value of the school
(Haynes 2016). They may have internal conflicts or issues that had not been addressed by the
principal or the school management in the past, which led them to get involved in acts of
employee vandalism.
Another interesting observation is that even though the admin office is accessible only to
the admin staff, principal and the cleaners, the music lab that is adjacently located can be
anonymously accessed and used by anyone. From that, it can also be so derived that while some
of the admin staff were discussing about the credentials among each other within the admin lab,
another admin staff (probable culprit) from the music room might have overheard it (Lendrum,
Humphrey and Wigelsworth 2013). This could be possible since the music room is equipped
with highly sensitive parabolic microphones that is capable of capturing sounds clearly even
form a distance to allow the other admin stuff (culprit) to overhear the credentials (Alexander
2016). Each side of the admin office is four meters long and the walls are not ceiling high.
Therefore, the admin office is not sound proof and there is every possibility for the culprit to
overhear the credentials being discussed within the admin using the parabolic microphones
within the adjacent music room (Biesta 2015). Students use the laptops for their academic related
tasks. Eliminating the students, cleaners as well as the principal herself, it can be deduced that
the head of the admin department is the culprit since he has the most privilege of access across
compared to the admin personnel themselves, regarding the process of “decryption of
credentials” is quite low and it is even lower in case of the cleaners (Hansen 2013). Moreover,
students ideally should not have a logical reason to get their grades changed or modified publicly
on the internet (Perry and Southwell, 2014). However, the admin staff can do the same
considering their own personal interests or simply to defame the brand value of the school
(Haynes 2016). They may have internal conflicts or issues that had not been addressed by the
principal or the school management in the past, which led them to get involved in acts of
employee vandalism.
Another interesting observation is that even though the admin office is accessible only to
the admin staff, principal and the cleaners, the music lab that is adjacently located can be
anonymously accessed and used by anyone. From that, it can also be so derived that while some
of the admin staff were discussing about the credentials among each other within the admin lab,
another admin staff (probable culprit) from the music room might have overheard it (Lendrum,
Humphrey and Wigelsworth 2013). This could be possible since the music room is equipped
with highly sensitive parabolic microphones that is capable of capturing sounds clearly even
form a distance to allow the other admin stuff (culprit) to overhear the credentials (Alexander
2016). Each side of the admin office is four meters long and the walls are not ceiling high.
Therefore, the admin office is not sound proof and there is every possibility for the culprit to
overhear the credentials being discussed within the admin using the parabolic microphones
within the adjacent music room (Biesta 2015). Students use the laptops for their academic related
tasks. Eliminating the students, cleaners as well as the principal herself, it can be deduced that
the head of the admin department is the culprit since he has the most privilege of access across
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INFORMATION SYSTEMS SECURITY
the databases of the students and access to other admin staff is ultimately granted and approved
by him (Onyinkwa 2014). That can be a possibility.
Recommendation of security policies to prevent the security issues in the
future:
Considering the privacy issues that the school has faced there can be different
recommendations to prevent such issues in the future. Some recommendations as provided to the
principal of the school are provided below:
- Such high sensitive parabolic microphones should not be present in any room, which is
adjacent to the admin office, considering the fact that the walls are not ceiling high, and
thus not soundproof (Biesta 2015). The school management can also make just the
critically important offices like the admin office sound proof.
- Staff public keys need not be distributed to the students since external hackers decrypt
often their encrypted emails over the network they are being sent through even without
the knowledge of the school management or the admin staff.
- Proper antivirus software such as Kaspersky internet solution should be installed in all
the workstations and the IT administrators should ensure the computers within the school
premises are regularly updated and security patches are up to date (Brooks, Riele and
Maguire 2014). Network firewalls should be used across the school network to ensure
that all unwanted and external requests from external sources or websites are blocked.
- Considering the security, related threats of the Thunderbird e-mail client equipped with
Enigmail plugin some other client such as the AOL can be used.
- Access to the FTP server can be minimized to ensure only the intended person can access
the data stored in it.
the databases of the students and access to other admin staff is ultimately granted and approved
by him (Onyinkwa 2014). That can be a possibility.
Recommendation of security policies to prevent the security issues in the
future:
Considering the privacy issues that the school has faced there can be different
recommendations to prevent such issues in the future. Some recommendations as provided to the
principal of the school are provided below:
- Such high sensitive parabolic microphones should not be present in any room, which is
adjacent to the admin office, considering the fact that the walls are not ceiling high, and
thus not soundproof (Biesta 2015). The school management can also make just the
critically important offices like the admin office sound proof.
- Staff public keys need not be distributed to the students since external hackers decrypt
often their encrypted emails over the network they are being sent through even without
the knowledge of the school management or the admin staff.
- Proper antivirus software such as Kaspersky internet solution should be installed in all
the workstations and the IT administrators should ensure the computers within the school
premises are regularly updated and security patches are up to date (Brooks, Riele and
Maguire 2014). Network firewalls should be used across the school network to ensure
that all unwanted and external requests from external sources or websites are blocked.
- Considering the security, related threats of the Thunderbird e-mail client equipped with
Enigmail plugin some other client such as the AOL can be used.
- Access to the FTP server can be minimized to ensure only the intended person can access
the data stored in it.
5INFORMATION SYSTEMS SECURITY
Legal, ethical and societal issues are involved with the hack:
Legal issues:
- Employee Vandalism: As discussed earlier, this can be one of the major reasons why the
hack may have occurred. It can be a possibility that the admin stuff were disgruntled with
the school management and wanted to defame the image of the school (Zevin 2013).
They may have corrupted the database or changed the grades of the students purposely in
order to make it difficult to review the promotion rounds for few students (Zembylas
2015). They may also have claimed money from the students in return for getting their
grades upgraded to enable them to be promoted or there can be multiple other reasons
why the admin department could have misused the student database.
- Student code of conduct as well as policies of discipline: This includes the academic
rights of the students that were not addressed by the students, which in turn infuriated the
admin staff. Under such circumstances, improper decision of the principal or the school
management could have caused this kind of an issue that ultimately harmed both the
students as well as the school management.
- Government policies of data security: Government guidelines of compulsory network
and system security and setting of strong passwords on the systems were not followed by
the school management.
Ethical issues:
- Fraud with student’s merit: Due to the discrepancy of the student’s marks on the
internet, it had caused actual meritorious students to appear weak in academics and vice
versa on the internet. It had also caused negative psychological impacts on the students
Legal, ethical and societal issues are involved with the hack:
Legal issues:
- Employee Vandalism: As discussed earlier, this can be one of the major reasons why the
hack may have occurred. It can be a possibility that the admin stuff were disgruntled with
the school management and wanted to defame the image of the school (Zevin 2013).
They may have corrupted the database or changed the grades of the students purposely in
order to make it difficult to review the promotion rounds for few students (Zembylas
2015). They may also have claimed money from the students in return for getting their
grades upgraded to enable them to be promoted or there can be multiple other reasons
why the admin department could have misused the student database.
- Student code of conduct as well as policies of discipline: This includes the academic
rights of the students that were not addressed by the students, which in turn infuriated the
admin staff. Under such circumstances, improper decision of the principal or the school
management could have caused this kind of an issue that ultimately harmed both the
students as well as the school management.
- Government policies of data security: Government guidelines of compulsory network
and system security and setting of strong passwords on the systems were not followed by
the school management.
Ethical issues:
- Fraud with student’s merit: Due to the discrepancy of the student’s marks on the
internet, it had caused actual meritorious students to appear weak in academics and vice
versa on the internet. It had also caused negative psychological impacts on the students
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INFORMATION SYSTEMS SECURITY
and their families, which is again the ethical rules of the governments that has to be
followed by all the ethical institutes.
- Intrusion of student’s confidential information: The hackers have released the
credentials of the student’s database on the internet that can be openly accessed by
everyone within and outside the school network. They can login and see all the students’
information such as their marks, promotion status and other confidential information that
should only be accessible to the students themselves, their teachers and the school staff.
(Noddings 2013). This again is unethical.
Societal issues:
- Psychological impact on students: Due to the open availability of the student’s
information on the internet, many students have been demotivated and they might run the
chance of being bullied by their friends and neighbors about their academic merit. This in
turn can cause them to start hating the concept of education and can be detrimental for
their studies even in the future, considering the fact that they faced such an issue just
while in their secondary school.
- Impact on parents and education industry as a whole: This act of hacking has stirred
up the parents and they have started believing that due to the advent of technology,
everything in the education industry can be altered. They can even start believing that
there is no use of the fact that their children are meritorious because ultimately hackers or
the school staff themselves have the provision of altering even the marks their children
score. (Gardelli, Alerby and Persson 2014). It has been seen in recent studies that some
students have even committed suicides after being traumatized by such unethical acts.
and their families, which is again the ethical rules of the governments that has to be
followed by all the ethical institutes.
- Intrusion of student’s confidential information: The hackers have released the
credentials of the student’s database on the internet that can be openly accessed by
everyone within and outside the school network. They can login and see all the students’
information such as their marks, promotion status and other confidential information that
should only be accessible to the students themselves, their teachers and the school staff.
(Noddings 2013). This again is unethical.
Societal issues:
- Psychological impact on students: Due to the open availability of the student’s
information on the internet, many students have been demotivated and they might run the
chance of being bullied by their friends and neighbors about their academic merit. This in
turn can cause them to start hating the concept of education and can be detrimental for
their studies even in the future, considering the fact that they faced such an issue just
while in their secondary school.
- Impact on parents and education industry as a whole: This act of hacking has stirred
up the parents and they have started believing that due to the advent of technology,
everything in the education industry can be altered. They can even start believing that
there is no use of the fact that their children are meritorious because ultimately hackers or
the school staff themselves have the provision of altering even the marks their children
score. (Gardelli, Alerby and Persson 2014). It has been seen in recent studies that some
students have even committed suicides after being traumatized by such unethical acts.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION SYSTEMS SECURITY
Conclusion:
Therefore, it can be concluded from the above report that information security is
extremely important in the schools. There are different security measures that should be taken by
the schools as well as other bodies, in order to ensure that the privacy of their data is maintained.
It should be ensured that proper usage of antivirus as well as other security measures is
mandatorily deployed in all schools and the teacher and other stud abide by the different
standards. This will not only help students and their parents develop a sense of trust within the
school management but will also ensure that the school improves its own business in the future
by attracting more students in the future.
Conclusion:
Therefore, it can be concluded from the above report that information security is
extremely important in the schools. There are different security measures that should be taken by
the schools as well as other bodies, in order to ensure that the privacy of their data is maintained.
It should be ensured that proper usage of antivirus as well as other security measures is
mandatorily deployed in all schools and the teacher and other stud abide by the different
standards. This will not only help students and their parents develop a sense of trust within the
school management but will also ensure that the school improves its own business in the future
by attracting more students in the future.
8INFORMATION SYSTEMS SECURITY
References:
Alexander, H.A., 2016. Assessing virtue: measurement in moral education at home and
abroad. Ethics and Education, 11(3), pp.310-325.
Biesta, G., 2015. Resisting the seduction of the global education measurement industry: Notes on
the social psychology of PISA. Ethics and education, 10(3), pp.348-360.
Biesta, G.J., 2015. Good education in an age of measurement: Ethics, politics, democracy.
Brooks, R., Te Riele, K. and Maguire, M., 2014. Ethics and education research. Sage.
Gardelli, V., Alerby, E. and Persson, A., 2014. Why philosophical ethics in school: implications
for education in technology and in general. Ethics and Education, 9(1), pp.16-28.
Hansen, O.H.B., 2013. Promoting classical tolerance in public education: what should we do
with the objection condition?. Ethics and Education, 8(1), pp.65-76.
Haynes, F., 2016. Ethics and education. Encyclopedia of Educational Philosophy and Theory,
pp.1-5.
Lendrum, A., Humphrey, N. and Wigelsworth, M., 2013. Social and emotional aspects of
learning (SEAL) for secondary schools: Implementation difficulties and their implications for
school‐based mental health promotion. Child and Adolescent Mental Health, 18(3), pp.158-164.
MacAllister, J., Macleod, G. and Pirrie, A., 2013. Searching for excellence in education:
knowledge, virtue and presence?. Ethics and Education, 8(2), pp.153-165.
Noddings, N., 2013. Caring: A relational approach to ethics and moral education. Univ of
California Press.
Onyinkwa, J., 2014. Factors influencing compliance to procurement regulations in public
secondary schools in kenya: a case of nyamache district, kisii county (Doctoral dissertation).
References:
Alexander, H.A., 2016. Assessing virtue: measurement in moral education at home and
abroad. Ethics and Education, 11(3), pp.310-325.
Biesta, G., 2015. Resisting the seduction of the global education measurement industry: Notes on
the social psychology of PISA. Ethics and education, 10(3), pp.348-360.
Biesta, G.J., 2015. Good education in an age of measurement: Ethics, politics, democracy.
Brooks, R., Te Riele, K. and Maguire, M., 2014. Ethics and education research. Sage.
Gardelli, V., Alerby, E. and Persson, A., 2014. Why philosophical ethics in school: implications
for education in technology and in general. Ethics and Education, 9(1), pp.16-28.
Hansen, O.H.B., 2013. Promoting classical tolerance in public education: what should we do
with the objection condition?. Ethics and Education, 8(1), pp.65-76.
Haynes, F., 2016. Ethics and education. Encyclopedia of Educational Philosophy and Theory,
pp.1-5.
Lendrum, A., Humphrey, N. and Wigelsworth, M., 2013. Social and emotional aspects of
learning (SEAL) for secondary schools: Implementation difficulties and their implications for
school‐based mental health promotion. Child and Adolescent Mental Health, 18(3), pp.158-164.
MacAllister, J., Macleod, G. and Pirrie, A., 2013. Searching for excellence in education:
knowledge, virtue and presence?. Ethics and Education, 8(2), pp.153-165.
Noddings, N., 2013. Caring: A relational approach to ethics and moral education. Univ of
California Press.
Onyinkwa, J., 2014. Factors influencing compliance to procurement regulations in public
secondary schools in kenya: a case of nyamache district, kisii county (Doctoral dissertation).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INFORMATION SYSTEMS SECURITY
Perry, L.B. and Southwell, L., 2014. Access to academic curriculum in Australian secondary
schools: A case study of a highly marketised education system. Journal of Education
Policy, 29(4), pp.467-485.
Zembylas, M., 2015. ‘Pedagogy of discomfort’and its ethical implications: the tensions of ethical
violence in social justice education. Ethics and Education, 10(2), pp.163-174.
Zevin, J., 2013. Social studies for the twenty-first century: Methods and materials for teaching in
middle and secondary schools.
Perry, L.B. and Southwell, L., 2014. Access to academic curriculum in Australian secondary
schools: A case study of a highly marketised education system. Journal of Education
Policy, 29(4), pp.467-485.
Zembylas, M., 2015. ‘Pedagogy of discomfort’and its ethical implications: the tensions of ethical
violence in social justice education. Ethics and Education, 10(2), pp.163-174.
Zevin, J., 2013. Social studies for the twenty-first century: Methods and materials for teaching in
middle and secondary schools.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.