Professional Year Program: Security Administration Case Study

Verified

Added on 2023/01/18

AI Summary

This case study examines the role of a security administrator, Mandy, in a company, focusing on the monitoring of employee web activity. It analyzes the positive impacts of preventing unauthorized access, such as increased productivity and protection against malware, while also acknowledging potential negative impacts on employee privacy and morale. The analysis further delves into the actions taken by the administrator and the consequences of these actions, including the ethical considerations based on ACS professional standards. The study emphasizes the importance of balancing workplace security with employee rights, referencing relevant legislation like the Privacy Act 2018 and highlighting ethical values such as public interest, professional development, and professionalism in the context of ICT.

Running head: SECURITY ADMINISTRATION OF A COMPANY
Security Administration Of A Company
Name of the Student
Name of the University
Author note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
SECURITY ADMINISTRATION OF A COMPANY
Table of Contents
Introduction:.......................................................................................................2
Analyzing the consequences:............................................................................2
Positive impact areas of the process:............................................................2
Analyzing the actions:....................................................................................3
Decision according to ACS ethics code:........................................................4
References:........................................................................................................5

2
SECURITY ADMINISTRATION OF A COMPANY
Introduction:
Any personal data search and behaviour that is done on the organization’s
devices like desktops and laptops and on servers is always visible and collected to
the management and the employee administrators. All kind of searches those are
related and unrelated to the work ethics of the organizations are noted down for the
security purpose of the organization (Denning 2014). Even every click on sent emails
and searches or accessing of social media sites has to be checked and scrutinized
by the network security administrator of the organization. In this report framework the
same issue has been discussed where Mandy is the security administrator for the
company and is given the responsibility of providing weekly reports of the
employee’s activity on the web pages on the organization’s devices.
Analyzing the consequences:
Positive impact areas of the process:
The unauthorized access is when an employee is accessing to a website to
use someone else's account or other methods to access a website, program, server,
service or other system. For example, if someone guessed a password or username
for an account that was not theirs until they accessed it would be considered
unauthorized access (Greenshpon et al., 2013). This unauthorized access is harmful
for the organization ethics and directly hampers the work culture of the organization.
The company has the right to protect its computing and information sources. This
directly implies that the positive impact area of the administration is the organization
or the company where the administrator will impose the security measures. The
administration head and the board members of the company will be helped by the
work that is done my Mandy. The user access security process that will be done by

3
SECURITY ADMINISTRATION OF A COMPANY
the security administrator of the company will be effective on the employees and the
below board member level of the organization. This is not considered as a harm o
the employees but it may affect them on some work procedures where maintaining
the privacy for the employee is a concern. The denial to access unauthorized
websites allows the employees to dedicate on their job scope and deliver the given
target to the organization (Gelinas et al., 2017). This in turn creates a scope for the
organization to make high rise in profit for the company. Moreover the rule restricts
ransom-wares to restrict the spread of malwares and worm in the server network of
the company which creates a lag in the business. In long run the vigilance and action
system will prove to be profitable for the company where as in the short run it will
create negative behavioural changes among the employees. The restriction is
considered as a strong resistance to the hackers. The ransom-ware groups often
provoke the employees to access the unauthorized websites and links so that they
can easily send the complex data codes in form of worms and viruses into the
network of the company.
Analyzing the actions:
The negative effects of unauthorized websites on productivity can lead to a
loss of revenue; the widespread use of social communications networks has made it
possible to lose sensitive data of the organization. There was a high rise of
discrimination and harassment in the employee culture due to the employees using
social media (Thomas, Rothschild and Donegan 2015). The productivity loss and
leak of confidential information in various parts of the organization and outside the
organization was creating havoc. The implementation of a post like network or
security administrators has limited the misuse of internet in an organization.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
SECURITY ADMINISTRATION OF A COMPANY
Decision according to ACS ethical codes:
According The ACS Professional Standards Board (2007) the organization
has the full rights to monitor and restrict the usage and access of the employee on
the company’s devices (Pilgrim 2013). There are many cases registered to prove the
rise in access of unauthorized web pages by the employees.
The three values of ACS that are applicable on the matter of privacy control
are:
 The primacy of public interest, which also states the clause to identify
the potentially impacted by the work and explicitly consider their
interests.
 The second value to be implemented will be the professional
development by which Mandy can increase the awareness of issues
that are affecting the profession and the relationship with the
customers. In this case the awareness that is needed to be highlighted
is the use of unauthorized websites which turns in wastage of time and
low productivity and also can affect the system by ransom-wares. The
value of professional development also clauses the support education
and training for professional development of the employees in the ICT
that will reflect the needs of the employees in their career. The proper
training will provide the employees to know the importance of the
matter why it is restricted to use unauthorized websites in office.
 The third value of ACS states professionalism, which can also be
mentioned to refer with the above mentioned case. Two clauses that
can be effective from this value are the aim of the organization in
extending public knowledge and understanding the ICT and restricting

5
SECURITY ADMINISTRATION OF A COMPANY
from miss-conducting the professional role which breaches the laws of
ACS.
The most recent Legislative law that has been published is the Privacy Act
2018 which is bounded by the Australian Privacy Principles that obliges data breach
like unauthorized access of websites in organization devices.
References:
Denning, D.E., 2014. Framework and principles for active cyber defense. Computers
& Security, 40, pp.108-113.
Gelinas, L., Pierce, R., Winkler, S., Cohen, I.G., Lynch, H.F. and Bierer, B.E., 2017.
Using social media as a research recruitment tool: ethical issues and
recommendations. The American Journal of Bioethics, 17(3), pp.3-14.
Greenshpon, A., Karidi, R., Helman, Y. and Rubin, S.A., Microsoft Corp,
2013. Estimating and visualizing security risk in information technology systems.
U.S. Patent 8,402,546.
Lakbabi, A., Orhanou, G. and Hajji, S.E., 2013. Network Access Control Technology-
Proposition to contain new security challenges. arXiv preprint arXiv:1304.0807.
Pilgrim, C.J., 2013, May. Industry involvement in ICT curriculum: a comparative
survey. In Proceedings of the 2013 International Conference on Software
Engineering (pp. 1148-1153). IEEE Press.
Thomas, S.L., Rothschild, P.C. and Donegan, C., 2015. Social networking,
management responsibilities, and employee rights: the evolving role of social
networking in employment decisions. Employee Responsibilities and Rights
Journal, 27(4), pp.307-323.