Investigation to uncover the culprit
Information security is one of the biggest challenges in most of the organizations in today’s world. There are different kind of issues that the organizations face in terms of data security. Some of the most known issues are threat to data security, virus infections on the systems due to accessing unknown websites, phishing attacks from spam emails, intrusion to organizational data privacy from hackers through Trojan viruses, acts of employee vandalism etc. These issues often lead to huge economic losses for the organizations.
The following report will highlight the case study of a particular secondary school, which has faced similar security issues in the recent past since the login credentials of the school’s data bases has been published on the internet. Since then there have been discrepancies in the grades of the students, which in turn also affected the promotion rounds of many of them (MacAllister, Macleod and Pirrie 2013). The legal, ethical as well as the societal issues will be discussed along with data security recommendations that will be discussed in the following paragraphs.
Discussion:
Investigation to uncover the culprit:
The main point of investigation lies in the fact that there is a strict access control to the admin office and it is mandatory for admin staff, cleaners as well as the principal to get their access verified at the times of entering the admin office. They are the only people allowed in the office. Only the administrative stuff have access to the databases credentials, which are encrypted under the public keys of each admin staff with a GPG encryption version of 1.4.15. These encrypted credentials are stored in a FTP transfer, which is openly accessible to all, including the students.
The level of technical knowledge and expertise of the students as compared to the admin personnel themselves, regarding the process of “decryption of credentials” is quite low and it is even lower in case of the cleaners (Hansen 2013). Moreover, students ideally should not have a logical reason to get their grades changed or modified publicly on the internet (Perry and Southwell, 2014). However, the admin staff can do the same considering their own personal interests or simply to defame the brand value of the school (Haynes 2016). They may have internal conflicts or issues that had not been addressed by the principal or the school management in the past, which led them to get involved in acts of employee vandalism.
Another interesting observation is that even though the admin office is accessible only to the admin staff, principal and the cleaners, the music lab that is adjacently located can be anonymously accessed and used by anyone. From that, it can also be so derived that while some of the admin staff were discussing about the credentials among each other within the admin lab, another admin staff (probable culprit) from the music room might have overheard it (Lendrum, Humphrey and Wigelsworth 2013).
This could be possible since the music room is equipped with highly sensitive parabolic microphones that is capable of capturing sounds clearly even form a distance to allow the other admin stuff (culprit) to overhear the credentials (Alexander 2016). Each side of the admin office is four meters long and the walls are not ceiling high. Therefore, the admin office is not sound proof and there is every possibility for the culprit to overhear the credentials being discussed within the admin using the parabolic microphones within the adjacent music room (Biesta 2015).
Recommendation of security policies to prevent the security issues in the future
Students use the laptops for their academic related tasks. Eliminating the students, cleaners as well as the principal herself, it can be deduced that the head of the admin department is the culprit since he has the most privilege of access across the databases of the students and access to other admin staff is ultimately granted and approved by him (Onyinkwa 2014). That can be a possibility.
Recommendation of security policies to prevent the security issues in the future:
Considering the privacy issues that the school has faced there can be different recommendations to prevent such issues in the future. Some recommendations as provided to the principal of the school are provided below:
- Such high sensitive parabolic microphones should not be present in any room, which is adjacent to the admin office, considering the fact that the walls are not ceiling high, and thus not soundproof (Biesta 2015). The school management can also make just the critically important offices like the admin office sound proof.
- Staff public keys need not be distributed to the students since external hackers decrypt often their encrypted emails over the network they are being sent through even without the knowledge of the school management or the admin staff.
- Proper antivirus software such as Kaspersky internet solution should be installed in all the workstations and the IT administrators should ensure the computers within the school premises are regularly updated and security patches are up to date (Brooks, Riele and Maguire 2014). Network firewalls should be used across the school network to ensure that all unwanted and external requests from external sources or websites are blocked.
- Considering the security, related threats of the Thunderbird e-mail client equipped with Enigmail plugin some other client such as the AOL can be used.
- Access to the FTP server can be minimized to ensure only the intended person can access the data stored in it.
- Legal, ethical and societal issues are involved with the hack:
Legal issues:
- Employee Vandalism:As discussed earlier, this can be one of the major reasons why the hack may have occurred. It can be a possibility that the admin stuff were disgruntled with the school management and wanted to defame the image of the school (Zevin 2013). They may have corrupted the database or changed the grades of the students purposely in order to make it difficult to review the promotion rounds for few students (Zembylas 2015). They may also have claimed money from the students in return for getting their grades upgraded to enable them to be promoted or there can be multiple other reasons why the admin department could have misused the student database.
- Student code of conduct as well as policies of discipline:This includes the academic rights of the students that were not addressed by the students, which in turn infuriated the admin staff. Under such circumstances, improper decision of the principal or the school management could have caused this kind of an issue that ultimately harmed both the students as well as the school management.
- Government policies of data security:Government guidelines of compulsory network and system security and setting of strong passwords on the systems were not followed by the school management.
Ethical issues:
- Fraud with student’s merit: Due to the discrepancy of the student’s marks on the internet, it had caused actual meritorious students to appear weak in academics and vice versa on the internet. It had also caused negative psychological impacts on the students and their families, which is again the ethical rules of the governments that has to be followed by all the ethical institutes.
- Intrusion of student’s confidential information: The hackers have released the credentials of the student’s database on the internet that can be openly accessed by everyone within and outside the school network. They can login and see all the students’ information such as their marks, promotion status and other confidential information that should only be accessible to the students themselves, their teachers and the school staff. (Noddings 2013). This again is unethical.
Societal issues:
- Psychological impact on students: Due to the open availability of the student’s information on the internet, many students have been demotivated and they might run the chance of being bullied by their friends and neighbors about their academic merit. This in turn can cause them to start hating the concept of education and can be detrimental for their studies even in the future, considering the fact that they faced such an issue just while in their secondary school.
- Impact on parents and education industry as a whole: This act of hacking has stirred up the parents and they have started believing that due to the advent of technology, everything in the education industry can be altered. They can even start believing that there is no use of the fact that their children are meritorious because ultimately hackers or the school staff themselves have the provision of altering even the marks their children score. (Gardelli, Alerby and Persson 2014). It has been seen in recent studies that some students have even committed suicides after being traumatized by such unethical acts.
Conclusion:
Therefore, it can be concluded from the above report that information security is extremely important in the schools. There are different security measures that should be taken by the schools as well as other bodies, in order to ensure that the privacy of their data is maintained. It should be ensured that proper usage of antivirus as well as other security measures is mandatorily deployed in all schools and the teacher and other stud abide by the different standards. This will not only help students and their parents develop a sense of trust within the school management but will also ensure that the school improves its own business in the future by attracting more students in the future.
References:
Alexander, H.A., 2016. Assessing virtue: measurement in moral education at home and abroad. Ethics and Education, 11(3), pp.310-325.
Biesta, G., 2015. Resisting the seduction of the global education measurement industry: Notes on the social psychology of PISA. Ethics and education, 10(3), pp.348-360.
Biesta, G.J., 2015. Good education in an age of measurement: Ethics, politics, democracy.
Brooks, R., Te Riele, K. and Maguire, M., 2014. Ethics and education research. Sage.
Gardelli, V., Alerby, E. and Persson, A., 2014. Why philosophical ethics in school: implications for education in technology and in general. Ethics and Education, 9(1), pp.16-28.
Hansen, O.H.B., 2013. Promoting classical tolerance in public education: what should we do with the objection condition?. Ethics and Education, 8(1), pp.65-76.
Haynes, F., 2016. Ethics and education. Encyclopedia of Educational Philosophy and Theory, pp.1-5.
Lendrum, A., Humphrey, N. and Wigelsworth, M., 2013. Social and emotional aspects of learning (SEAL) for secondary schools: Implementation difficulties and their implications for school?based mental health promotion. Child and Adolescent Mental Health, 18(3), pp.158-164.
MacAllister, J., Macleod, G. and Pirrie, A., 2013. Searching for excellence in education: knowledge, virtue and presence?. Ethics and Education, 8(2), pp.153-165.
Noddings, N., 2013. Caring: A relational approach to ethics and moral education. Univ of California Press.
Onyinkwa, J., 2014. Factors influencing compliance to procurement regulations in public secondary schools in kenya: a case of nyamache district, kisii county (Doctoral dissertation).
Perry, L.B. and Southwell, L., 2014. Access to academic curriculum in Australian secondary schools: A case study of a highly marketised education system. Journal of Education Policy, 29(4), pp.467-485.
Zembylas, M., 2015. ‘Pedagogy of discomfort’and its ethical implications: the tensions of ethical violence in social justice education. Ethics and Education, 10(2), pp.163-174.
Zevin, J., 2013. Social studies for the twenty-first century: Methods and materials for teaching in middle and secondary schools.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
