Disaster at a University Essay
Question 1
What are the issues that you see in TKU’s overall IT management, processes, and security policies?
The key issues that I can see in TKU’s overall IT management, processes, and security policies are leadership issues, management issues, and technical issues. In this case study, there is much evidence that an educational institution like the TKU has a well-developed organizational structure that involved the use of five divisions with the President’s Office at the head. Undoubtedly, it requires the application of the proper leadership skills to ensure that the key operations are effectively controlled. The personnel should have strong leadership skills and the ability to encourage others. IT management is focused on the initiation of different processes which should be properly managed. Hence, management skills are crucial to the TKU’s personnel. Finally, the implementation of the established security policies requires having the proper technical knowledge. The duties and responsibilities of the system administrators should include security responsibilities as the primary duties to ensure the successful implementation of the system.
Question 2
What is social engineering? How was the contractor able to obtain access to the TMS?
Social engineering is the use of psychological and cognitive approaches to gain access to information without being authorized. It was found that the auditor had many examples of lax information security
at the TKU, including the lack of a properly coordinated security policy, failure to follow the established policies, and the use of phones to request valuable information, such as sharing the password over the phone, etc. In other words, the contractor was able to obtain access to the TMS in different ways. The contractor was in the middle of upgrading servers. He wanted to obtain access to the TMS using deceptive methods to steal the information. The contractor was involved in overseeing the upgrade of servers on the storage network and got information on the transaction management system. The contractor had access to the storage network, she got the IP address and wanted to get his login. She used the free tools found on the Internet in order to scan the system and obtain the username and password to have access to the TMS.
Works Cited
Ayyagari, Ramakrishna & Tyks, Jonathan. “Disaster at a University: A Case Study in Information Security,” Journal of Information Technology Education,11(2012): 85-96.