Why Choose Us?
0% AI Guarantee
Human-written only.
24/7 Support
Anytime, anywhere.
Plagiarism Free
100% Original.
Expert Tutors
Masters & PhDs.
100% Confidential
Your privacy matters.
On-Time Delivery
Never miss a deadline.
CMIT320 Week 4 Discussion Ethics An IT administrator for Acme Inc
CMIT320 Week 4 Discussion Ethics
An IT administrator for Acme Inc., a small anvil manufacturing company, used her personal email address when creating cloud-based work accounts with CloudEmails.com for the company’s employees. However, when Acme decided to fire the administrator for unspecified issues, it discovered that she was the only one with admin access to the CloudEmails.com accounts, which included email files.
Complicating matters was the fact that Acme could not find the password on the former administrator’s computer; officials suspected that she deleted key files after she was terminated.
When the company contacted the fired administrator, she refused to provide the password credentials. CloudEmails.com, meanwhile, also refused to allow access to the files, saying that only the administrator could agree to allow access to her personal account.
-
What kinds of mistakes were made by the company and the administrator?
Expert Solution
Password Security Breach
The Acme Company failed to institute access control privileges to sensitive company employees' files created by its IT administrator leading to the cloud-based work account security breach risk. Since the IT administrator used her email and password to create cloud work-based accounts and access the Acme Company's files, her termination led to employees' risk of an information security breach (Moore& IGI Global, 2017). Access control refers to security privileges that allow users to be positively identified and granted permission to access company data. Most companies handling highly sensitive data for their users' utilize access control as a selective method of restricting data access. Access control constitutes user authorization and authentication. System access authentication is a technique that verifies an individual's identity. However, authentication does not protect data sufficiently without using authorization as an additional layer of protection. The Acme Company had failed to use system access authentication and authorization as two-factor authentication.
The Acme Company failed to separate employees' highly sensitive information files’ password from the IT administrator's email password. For instance, the Acme Company was unable to implement administrative controls that allow employees to sign confidentiality and non-disclosure agreements to prevent exposure of the company's data when an employee loses their job (Tehan, 2008). Moreover, the company failed to utilize technology control tools such as DLP tools and logging databases and network activities. Further, the company did not remove the IT administrator's access to its network before the employee leaves the organization.
The IT administrator working for the Acme Company made the mistake of using her email to create cloud-based work accounts risking invasion of employee privacy. Instead, the IT administrator should have used the organization’s email or an email specified by the company (Tehan, 2008). Furthermore, the IT administrator failed to disclose the password used to access the company’s cloud-based work accounts before leaving the company. As such, the IT administrator risked exposing the company employee's data to the public by not disclosing password credentials.
References
Top of Form
Top of Form
Moore, M., & IGI Global, (2017). Cybersecurity breaches and issues surrounding online threat protection.
Tehan, R. (2008). Data security breaches: Context and incident summaries. New York: Novinkna Books.
Archived Solution
You have full access to this solution. To save a copy with all formatting and attachments, use the button below.
For ready-to-submit work, please order a fresh solution below.
