Mal-Adapted Essay Example | Topics and Well Written Essays - 1000 words

Mal-Adapted - Essay Example The mentioned contributions, however, are not exhaustive and are only intended to demonstrate the extent to which IT has become an integral part of corporate life and the business process. At the same time, however, IT functions as an organization's primary area of vulnerability as it is through their malicious use that attackers can infest an organization's system with viruses, worms, spyware and countless other types of malware (Gold, 2001; Rhode-Ousley, Bragg and Strassberg, 2003; Chen, Thompson and Elder, 2005). In light of dependency versus vulnerability, therefore, it is incumbent upon organization's and business entities to institute such protections as would shield the entity from such attacks. Sometimes, however, whether intentional or unintentional, the attack may come from within. Discussing the extent of my organization's vulnerability to malware with the head of the network and ICT department, I learnt that the company had been subjected to several attacks in the past, two of which were quite serious and, both caused by the activities of employees. As the head of the ICT department remarked as a prelude to his description of the attacks, two years ago and, in the wake of an external attacks which bordered on the catastrophic, the organization made a substantial investment in network security. At the department's recommendation, the organization's leadership consented to the implementation of third generation IA technologies which focused on in-depth defense. As explained by Liu, Yu, and Jing (2005, p. 112) this type of IA embraces all of as "(a) boundary controllers, such as firewalls and access control, (b) intrusion detection and (c) threat/attack/intrusion response." Upon the implementation of the defined system, the general assumption was that the organ ization was immune to external attacks and to malware. This, as evidenced by later events, was an erroneous assumption. The source of the first malware infestation suffered by the organization following the implementation of the defense in depth IA system, came from the Research an Development Department. The ICT department had initially recommended the securitization of the network against direct downloads from the internet, even at the explicit request and consent of users. The R&D department had vehemently argued against this, emphasizing that were such a security procedure to be implemented, their work would be literally brought to a standstill. The argument presented was persuasive and, therefore, the R&D department maintained the mentioned privilege. Less than two months following the implementation of the system, complaints regarding adware and spam email which contained malicious attachments, remained high, to the extent that it seemed as if the defense in depth system installed was ineffectual. Indeed, the department remained as engaged as ever in the removal of adware and in dealing with malicious spam. Needless to say, the cost of wasted time and effort was substantial since, as the employees whom I discussed this event with recalled, attempting to access the internet was futile. Pop-ups and constant redirections from addresses initially requested simply meant that getting any work done was a monumental task in itself. The ICT department, as the head informed me, determined to trace the source as the possibility of the installed system being ineffectual simply defied logic. As the