An Analysis Of A Energy Company’s Systems and Update of Security Policies.
Student’s Name
Institutional Affiliation
Date
An Analysis Of A Energy Company’s Systems and Update of Security Policies.
Introduction
A Company deals with the production of components for energy efficiency and energy generation products in the United States. It has more so specialized in design, development, and production of the highest quality components for energy generation and energy efficiency customers. It has an extensive history as a supplier to energy efficiency and energy generation companies. This has made it stand out in the energy industry but not without challenges. It has therefore developed robust security policies to guard its operations both internally and externally. The development of the Data Security Policy, Employer Security Policy, and Accounting Security Policy helps the company keep off some potential threats and unethical practices to the company’s technology (Kim, & Routledge, 2018).
Effectiveness of A Energy Company’s security regarding ethical issues.
Ethical issues refer to the use of technology for the right purpose without inconveniencing the users or breaching into privacy and beliefs. The IT team has designed a robust plan security system to help manage the use of technology for both internal and external users. The servers in the IT infrastructure are each located in a cabinet with restricted access implemented. The company has ensured that only the IT director and at least three other IT team members have access to the server cabinets after being trained on the same. This has guaranteed the privacy of the information of the company due to the limited access. Trust and individual autonomy have been encouraged through this digital technology since individual client information is kept private due to restricted access. The company has put its trust in the few IT staff to access the servers with the company’s and clients’ information (Al-Shomrani, Fathy, & Jambi, 2017).
Data Security Policy – The data privacy is ensured with access to the database server requiring an SSL connection to protect sensitive data. This is supported by a tracking system for the electronic key card system responsible for tracking people’s movement from the office area to the research area. The document access servers provide secure access to all documents with permission to access such materials in the file structure assigned by the user only. This high profile security to the company’s data and the building is an ethical practice that promotes trust between the company and its clients.
Employer Security Policy – The physical location of the company is of high priority for the IT team, where they have set up an alarm system that communicates with an offsite alarm monitoring service (Spiekermann, Korunovska, & Langheinrich, 2018). To ensure safety of the employer, each employee has been issued with an electronic card to swipe upon entering the building and during any movements with the structure. Besides, there has been a set-up of a high resolution, digital surveillance system sending images of the external doors of the building.
Accounting Security Policy – the users of services provided by the company have their information provided in the company’s website and network collected, secured, and stored to protect to ensure the user’s privacy and personal information. Ethically, this privacy builds trust between the company and the clients (Shilton, & Greene, 2019). This privacy is made possible by the company’s use of cookies to transfer short pieces of information to the client’s hard drive for storage and record-keeping purposes. In this case, if the user has set their browsers to refuse cookies, there are some activities on the website which may not be accessed. The use of cookies helps to provide a more personalized service to the user by giving logging in and out of the website.
Unethical uses of the company technology by internal users.
The first potential unethical use of company technology by the internal user is where the staff member shares the company’s sensitive documents, which contain propriety information on procedures and processes for part design and development. This may be possible because the company allows its employees to use personal cell phone devices at the workplace, which can be unethically used to send confidential information to the company’s competitors. This action would breach the company’s production privacy. The potential competitor may own its design and development procedures since the user had access to the documents as it’s the user who assigns the permission levels for access to records in the file structure, making it possible for sharing with the company’s potential competitors.
Unethical use the company’s technology by external users.
An old company’s client may share the company’s private data information such as credit card information, social security numbers, or contact information with a potential competitor in the market who may use it to build up the stiff competition. In some cases, such clients may be allowed access to some private information to help them in accessing the company’s services even though with the assigned security agreement. This is unethical as the company’s autonomy in operations is put at risk and may experience some challenges from the market.
The other potential unethical use of the company’s technology by the external users is where a user share disrespectful or abusive information and images on the company’s public forum and other public sections of the website, which may dent the company’s image to the other users. This may be an intentional act by a user who may have bad intentions towards the company and is out to destroy its image and reputation.
Effectiveness of A Energy Company’s security policies in regard to security threats.
Security threats refer to any external factors which may alter the normal operations of the company’s system. They have adverse effects on the company’s operations.
Data Security Policy – the company’s IT team was supported by an intrusion detection service that analyzed data for cyber-attacks or critical threats and provides a response. Those external to the organization have been given a restriction to access the company’s information by a set of distinct external and internal networks, only allowing access to all internal resources of the company. (Bertino & Ferrari, 2018). In case of any crisis or disaster with the primary site, the duplicity of the web servers and the database is created at the other site.
Employer Security Policy – all visiting guests are to receive a visitor’s electronic identification card with a code to allow access to only approved areas of the facility. This is to ensure that only approved guests are allowed entry to prevent any external threat to the employer. These may also be required to sign a nondisclosure form to protect propriety information and technology. Risks that may arise from unauthorized personnel entry into the facility or use of the company’s network are monitored through the high-definition digital cameras mounted around the building. These cameras record movement at each site’s external and internal locations and have their images saved for future analysis.
Accounting Security Policy – The company’s policy states that the company does not distribute, sell, or rent out the data collected with other individuals or organizations. The data transmissions not completed through an SSL connection between the website and the user may not be completely secure and may pose a risk to the data transferred through the internet. To reduce such exposures to threats, the users of the website’s public forums are reminded in the agreement not to reveal personal information (Danks, 2016) publicly. Therefore, this reminder makes the company not responsible for any consequences from such disclosures of personal data by the users.
Personal computer security has location tracking for laptops in theft or loss, VPN access, and virus protection. Suppression and fire detection systems provide early warning signals of smoke detection. Emergency power supplies and lighting managed by the IT team are adjusted to provide enough lumens to the office space (Barocas, & Selbst, 2016).
Potential security threats to company technology from internal users.
The first potential security threat to the company’s technology is where the employees use it for their businesses, which may be rivals. When a senior employee has the company’s essential production information, it may be effortless for such staff to use such to implement their projects. They may set up a similar company or plan in a different place; use the company’s resources to carry out their activities at the company’s expense. This action threatens the company’s operations since there is likely to be a stiff competition given that this user is the company’s internal producer and now a producer at his own company.
When an employee decides to disable his or her company laptop computer’s location tracking and password, and while on transit, the laptop gets lost. The company stands at a high risk of having its potential and private information accessed by strangers. This may be an intentional or unintentional act by the employee, but the result is that the company is exposed to severe threats. Any limited access to the company’s private data and information may lead to a huge loss to the company as the strangers may have access to very private and vital information.
Potential security threats to company technology from external users.
An external user may pose a threat to the company by cracking the company’s password to have access the servers hence putting the company at risk of cyber-attacks. In this case, the unauthorized user may gain access to the company’s sensitive information,, which may robg of clients interferering with the company’s operation system.
The other potential threat may come through the database developer who may share the company’s data and information with third parties. Since the database developer has access to all the information and the company’s data, the company’s immunity is in the hands of its database developer. The developer may share the company’s data with unauthorized third parties, which may expose the company to high risks of data access by strangers. This threatens the company’s privacy of data and confidentiality as it may lead to imitations leading to competitions.
Updated company policies
- Data Security Policy
This policy is to inform all employees at A Energy Company of the rules and procedures concerning data security compliance. It applies to all employees, contractors, database developers, management, business partners, and any other parties with access to company data.
All parties to this policy are responsible for observing the policy and reporting any activities that do not comply with it. All these parties MUST sign a copy of this policy and keep it in the company’s file.
Any party found to violate this policy in any way either compromising corporate or personal data, maliciously or unintentionally stealing will be subject to disciplinary actions or be subjected to legal actions against them.
- Employer Security Policy
All employees will receive computer-related training and organization security when, after being recruited, and they must agree to the security requirements of the company. They will each be given passwords and user IDs, and therefore, they have to maintain the secrecy of these passwords and strictly follow the company’s security procedures.
Anytime the staff is not using the computers, they should be logged out and switched off. The employees’ offices are to be fitted with high-resolution digital cameras and CCTVs to help the management monitor each employee in their various work stations.
All visiting guests should only be allowed access to public areas and not be allowed into the company’s production areas. They should be under the strict guidance of the security personnel and only use the visitor’s electronic identification cards.
Clients should not be allowed access to the company’s private information regardless of their status in the company, as they may not be fully trusted.
Violations of this policy, either intentionally or unintentionally, will be treated with severe repercussions of being subjected to legal punishment to the full extent of the law.
- Accounting Security Policy
This policy is issued to each employee at the time of recruitment. It may be reviewed from time to time by users of the company’s website and the updates documented and made available on the intranet.
An only specific number of employees is to be assigned user-profiles and passwords and to be granted authorization. The usage information is then only shared in aggregate for evaluation to appropriate management staff for confirmation of acceptable use.
The company puts strict access to the website’s public sections by any user to only allow authorized individuals from the public to access it.
Any violation of the company’s Accounting Security Policy by any party attracts punishment, which is prosecution through the law’s full extent.
Mitigation of unethical issues
The company’s updated policy states that the clients will now not be allowed to access the company’s private information regardless of their status, enhancing the privacy of information that could otherwise be unethically disseminated by such clients to third parties. The other restriction that all computers not in use to be logged out and switched off will prevent any unauthorized access to propriety information. The management’s keen monitoring of the employees in their working areas through the use of CCTVs ensures that the employees remain adherent to the company’s ethical procedures. The new policy imposes a new punishment to any violator of the company’s security policies. The violators will not only face disciplinary actions but will be subjected to lawful prosecutions. This instills fear to anyone with unethical intentions hence prevent them from carrying out their activities.
Mitigation of security threats
The new company policy involves the database developer by signing the Data Security Policy, which restricts them from sharing of the company’s private information with any third party. The plan also directs that all visiting guests should not be allowed entry into the production areas as this may cause a threat to the company’s production process through imitations. There is also a new restriction of access to the public section of the company’s website. This prevents any access by unauthorized parties who may misuse the private information of the company’s clients. The new mode of punishing the violators through prosecution is a great hindrance to any user who may wish to breach such security measures.
Conclusion.
The A Energy Company has put a great concern on its security system to enable it to continue its operations in the market smoothly and to compete favorably with its competitors. Designing the various security policies, training the users, and then allowing them to sign the policy documents guarantees the company absolute security. Any company needs to ensure that its clients, employees, facilities, and the company are all secure from any external threats and unethical practices. However, the A Energy Company’s security documents do not provide maximum protection leaving an allowance for security breaches. This has called for new updated policies that will, therefore, take care of the gap.
References
Al-Shomrani, A., Fathy, F., & Jambi, K. (2017, March). Policy enforcement for big
data security. In 2017 2nd international conference on anti-cyber crimes
(icacc) (pp. 70-74). IEEE.
Angst, C. M., Block, E. S., D’arcy, J., & Kelley, K. (2017). When do IT security
investments matter? Accounting for the influence of institutional factors in the
context of healthcare data breaches. Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches (January 24, 2016).
Angst, CM, Block, ES, D’Arcy, J., and Kelley, K, 893-916.
Barocas, S., & Selbst, A. D. (2016). Big data’s disparate impact. Calif. L. Rev., 104,
671.
Bertino, E., & Ferrari, E. (2018). Big data security and privacy. In A Comprehensive
Guide Through the Italian Database Research Over the Last 25 Years (pp.
425-439). Springer, Cham.
Danks, D. (2016). Finding trust and understanding in autonomous systems. The
Conversation. Retrieved from https://theconversation.com/finding-trust-and- understanding-in-autonomous-technologies-70245
Kim, T. W., & Routledge, B. R. (2018). Informational privacy, a right to explanation
and interpretable AI. 2018 IEEE Symposium on Privacy–Aware
Computing. https://doi.org/10.1109/pac.2018.00013
Martin, K. (2019). Designing Ethical Algorithms. MIS Quarterly Executive, June
Shilton, K., & Greene, D. (2019). Linking platforms, practices, and developer ethics:
Levers for privacy discourse in mobile application development. Journal of
Business Ethics,155(1), 131–146.
Spiekermann, S., Korunovska, J., & Langheinrich, M. (2018). Inside the organization:
Why privacy and security engineering is a challenge for
engineers[40pt]. Proceedings of the IEEE, PP(99), 1–16.