Effect of Insecure Technical Control
North Babylon School was unable to send or receive emails from their email system; this was due to the order being infected by malware as introduced in milestone 1. In pillar 2, after analyzing the administrative physical and technical control, the school realized that the professional control measure was not secure. The insecurity of technical controls was not connected to either teachers or students. Also, equipment or physical access or internal usage or separation of responsibilities were not connected to the attack. The system had to be shut down so as to figure out what caused the attack. The school network engineer found out that ransomware had affected the internal running operation of the system due to unauthorized access of the school software.
Technical control measures are a digital control system where organizations use to operate and maintain their digital information(Harrell, 2012). This system makes work easier, but it can have insecurity issues like malware. Malware occurs when unauthorized software infiltrates the computer system and results in damaging the computer or stealing private information from the computer. Malware has an adverse effect on the organization; it can make private information be accessed by unauthorized people. Also, it can make the organization not run since it interferes with the communication system of the organization, yet the communication system is the backbone of the organization. Malware, if not detected fast, can slow down the organization’s operation if it does not stop the operation from running fully. The connection can also be slowed down.
Hacking of the school technical control system can’t be prevented fully but can be reduced or be avoided regardless of the kind of attack the school goes (Lipton;2016)t. Hacking can either be targeted or opportunistic. Targeted hacking is done when an organization is hacked slowly and with consistency while opportunistic hacking is hacking, which is automatic. North Babylon School can reduce malware attacks through the following way: First, the school has to create security for its email system to avoid malware attacks of the system in the near future. The school also has to update its system frequently; this will show that the administration is active and that it can manage its system. Thirdly, North Babylon School has to manage their teachers and students who are their end-users, to avoid unauthorized access to the school software system. Detection control infrastructure should also be installed in the school system to be able to detect malware fast to avoid inconveniences caused by shutting down the system when trying to figure out what is wrong with the system. Lastly, segmentation should also be considered in the school software system; here, malware can’t spread to other network nodes risking other software information from being reached. This can be attained through firewall policies and proxy servers(Lipton, 2016).
To sum up, the Technical control system should be secured at all costs. This is to prevent the organization from breaking down due to access to their vital information to unauthorized people. Malware should also be checked upon since it cripples the organization’s communication system. Malware attacks can’t be prevented fully, but an organization can reduce the chances of its software system from being attack by malware.
REFERENCES
Hartrell, G. D., Steeves, D. J., & Hudis, E. (2012). U.S. Patent No. 8,117,659. Washington, DC: U.S. Patent and Trademark Office.
Lipton, R. J., Ostrovsky, R., & Zikas, V. (2016). Provably secure virus detection: Using the observer effect against malware. In 43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016). Schloss Dagstuhl-Leibniz-Zentrum fur Informatik.
