This report examines the reasons for the network outage that caused the breakdown in the Security Operations Center that was recently experienced in the company - Computer Ethics introduction. The report examines both technical problems and human: including human resource problems within the company.
More Essay Examples on Ethics Rubric
According to the interview that was done to key staff members of this department within the company, it was found out that some of the problems included; the number of staff in the department being too few to manage the operations of the department, thus operations procedures were not always followed since staffs have some other duties to perform at the same time, and again firewall changes weren’t approved by the appropriate staff. New recruits within the SOC department were not given adequate training and therefore have no confidence in their jobs. Besides all these, there is no team work within this department particularly among the shifts and thus make it difficult to coordinate the work. Again there is no proper monitoring procedure and the personnel to do that job since everyone is busy with other operations.
These problems mentioned above make development hand testing software programs meant for encountering security problems to be very difficult as was experienced earlier on in SOC department. According to Hower, (2010), after developing the software there is need for thorough testing of the software that includes doing tests to specific functions of the software that is undertaking a unit by unit testing; testing of combined parts of the code modules so as to determine whether the program is sable to run without any hitches. This also includes testing whether application on network of the client and the server is functional and its vulnerability to risks. Lastly there it is also appropriate to test the functionality of the software whenever ha new function is added before all parts of the program is put to operation. This would only be possible if all parts of the department are well co-ordinated and are empowered to work as a team. This requires that each department has efficient personnel who are experts within the given areas of the program development and that the personnel are adequate so as to concentrate in the program development. It is also necessary that maximum supervision and quality check is done at every stage so that cases of negligence such as the ones currently suspected to be happening in the SOC department are minimized and controlled. This would ensure that the company’s reputation is not damaged.
In order to co-ordinate the activities of the company, individuals within the company have to perfectly play their roles. The company has a network administrator whose roles include developing policies and procedures, and setting standards and guidelines for the operations of SOC department. This forms the framework for all the operations within this department. These controls are applied in the development and use of software. He also develops software such as network intrusion detection, intrusion prevention systems, passwords so as to monitor and control access to information and computing systems within that department. This reduces cases of breach of confidentiality within the company. Thus there should be software to restrict access to members of staff to protected information which should only be accessed by authorized individuals. According to Libenson, (2007), this is achieved by developing Identity and Access Management program which identifies all the individuals within the company and allowing access to systems and information meant for them. This system would ensure authorized members of staff perform the various duties designated to them perfectly since they don’t overlap to other duties.
Supervisor also has a very critical role to play for this department in an organization. One, he ensures that teams involved in the software development have been properly trained to perform efficiently especially on how to identify security vulnerabilities of the software that they are developing. He co-ordinates all the units involved in development process by ensuring that the auditing team is integrated in the design process and that they are all using the same set standards so that each unit function is audited before combining all the parts (Perrin, 2010). He ensures that each architectural design has been perfectly done. This includes ensuring proper implementation of software that would guarantee limitation of members of staff to certain sites or system within the department by denying them accessing to un authorized or unsafe sites. This is done by ensuring that individuals always access systems or information using unique codes for every individual. He ensures that individuals have the most updated version of the browser. The supervisor ensures that security vulnerability is identified and fixed and users of the software made aware before it is put to use. He is the one in charge of monitoring for any intrusion of the system.
According to some key members of the staff, breach of confidentiality is very common within the SOC department. This includes sharing passwords since members do not log off when they finish their part and instead let somebody else continue or because they are too involved in other duties to remember to log off. They also involve in shoulder-surfing when an individual is doing his or her part.
According to Drummer, (2010), in order to determine the cause of the breach within a company there is need to use Symantec Data Loss Prevention that enables monitoring of network and email traffic for sensitive data in motion and to alert the security team about violations in policy for appropriate measures to be taken within the shortest time possible.
In order to ensure full security within an organization, security controls that are developed by the SOC department should ensure the integrity and confidentiality of the data and systems. There is also the need to install cameras and ensure that signing in and out is maintained so that everyone who accesses any system or information is tracked. Lastly, any changes on any system or program must be tested and audited under the supervision of the supervisor before being put into use.
Drummer, A. (2010). A Roadmap of Shortcuts and Hazards
Hower, R. (2010). Software QA and Testing Frequently-Asked-Questions http://www.softwareqatest.com/qatfaq1.html
Libenson, E. (2007).Passwords management for unix and linux systems. Haymarket Media
Perrin C. (2010).Corporate ethics versus security ethics.