Because they failed to implement Information Systems (IT) administrative controls, many of the management personnel downloaded known software and has caused a complete system failure, affecting negatively the entire organization’s network. Following their system failure, Bridegroom has to both correct the issue of bringing back their computer system network and plan measures to prevent the network failure to occur again.
Bridegroom is a multinational organization with multiple Systems and applications that must communicate with each other throughout the world. The organization’s headquarter is located in Dallas, Texas, and runs multiple dashboards and overlays in order to access information globally in real time. They also have their servers to back-up every six hours starting at 1 2 am Central Standard Time (COST), and also local servers throughout the world at each location in case the scheduled back-ups do not take place.
Since Bridegroom failed to implement Information Systems (IT) administrative controls, many of the management personnel downloaded unknown software and has caused a complete system failure, affecting negatively the entire organization’s network. The system failure affected both desktop and laptops throughout the organization. As the issues were reported, it was evident that drastic measures needed to take place. Luckily that Bridegroom did have back-up systems at both the headquarter office, and at each location.
Since the most important step in protecting data from loss is to have back-up systems on a regular basis, Bridegroom is able to recover most of the data from the last time it updated between the local back-up server and the Dallas headquarters server. As it is known that there are numerous third- party backup programs that can offer more sophisticated options (Kiang, et al, 2014). Whatever program you use, it’s important to store a copy of your coup offset in case of any future system failures, fires, or natural disasters that can destroy your back-up tapes or discs along with the original data.
Bridegroom had developed a lab test network, which allows them to test their network and software administration. Since the system has failed and needs recovery of the network, the IT Department can use their lab test to test and implement security levels. Bridegroom can also use the lab test to simulate an entire network reset with their back-up data. In order to prevent and keep data secured, the first step is to set permissions on computer system outworks, as well as data files and folders.
If you have data in network shares, you can set share permissions to control what user accounts can and cannot access the files across the network (Boonton, et al, 1994). Brasserie’s IT Department with Administration would have to come up with who gets permission regarding “administrator access” to the network to install any software, or capability to edit any documents that are in the share-network. Furthermore, in order to implement such “administrator access,” and to make sure the issue does not occur again, a written policy and procedure needs to e emplace in the organization.
The purpose of having an IT policy and procedure is to instruct all users at all levels on the appropriate use of administrator access computing, and information resources, as well as set a written interpretation of ARQ reorients set forth by the organization’s Administration (Winifred, et al, 2012). Discussed earlier, it was mentioned to give “administrator access” to some of the employees. “Administrator access” is defined as a level of access above that of a normal user. This definition is intentionally vague to allow the flexibility to accommodate varying systems ND authentication mechanisms.
Local Administrators, Domain Administrators and Enterprise Administrators groups would all be considered to have Administrator Access. In an application environment, users with ‘super-user or system administrator roles and responsibilities would be considered to have Administrator Access. In theory, this guidance applies to any user account in that utilization of access rights is reserved solely for the intended business purpose that would be granted solely by Brasserie’s Administration.
IT policies and procedures in any organization provides a ramekin for appropriate and inappropriate use of computing and information resources (Winifred, et al, 2012). More specifically, the organization would have in writing that using a computer system without proper authorization granted through Brasserie’s Administration would have adverse actions on their employment. Also, appropriate use of administrator access to the computer system should only be used for official business.
While the organization policy and procedure may permit reasonable personal use of computing resources, this is restricted to non-administrative activities. SE of administrator access should be consistent with an individual’s role or job responsibilities as prescribed by management (Boonton, et al, 1994). When an individual’s role or job responsibilities change, administrator access should be appropriately updated or removed. In situations where it is unclear whether a particular action is appropriate, and within the scope of current job responsibilities, the situation should be discussed with Administration.
As the system failure of Brasserie’s network was due to unknown software that was installed in the network, such actions should not be permitted by Administration or IT Management and must be included as inappropriate use of computer access. Therefore, an inappropriate use of administrative access written policy should be established (Kiang et al, 2014). All software must be approved by Brasserie’s IT Management and Administration. In addition to adding software approval, there are other activities that would be considered as inappropriate.
The following constitute inappropriate use of administrator access unless documented and approved by Brasserie’s IT Management and Administration: circumventing user access controls or any other formal Bridegroom security controls to include bandwidth limits or any other formal Bridegroom computing controls; manipulation of formal account activation/ suspension procedures; manipulation of formal account access change request procedures; disregarding or failure to follow any other Bridegroom procedures that are in written form and/or approved by some level of management.
Also, any type of unapproved access to information that is outside the scope of specific job responsibilities, exposing or otherwise closing information to unauthorized persons, or using access to satisfy personal curiosity about an individual, system, practice, or other type of entity is unauthorized and can be penalized with termination of employment. Conclusion Implementation of an IT policy and procedure would instill a written standard operating procedure, as well as establish the authorization at all levels what can be done on the computer system network.
Repercussions are to be written as such to deter employees at all levels to deter and enforce the policy. The severity of the negative impact that network system failure should e reminded at all levels in the organization, to include showing how it impacted the organizational at a security level and monetarily. Bridegroom already had the tools of system back-ups and or lab test networks, but only needed to have to the control of administrator access control in the network.