Ahmed Kasim Hasson AL Dhahebat

20200001132
MBA-657

IT Security Case Study

1|Page
Table of Contents
Answer to question no 1:...............................................................................................................2
Ethical hacking:............................................................................................................................2
Pros:.............................................................................................................................................2
Cons:............................................................................................................................................2
Answer to question no 2:...............................................................................................................2
Importance:..................................................................................................................................3
Answer to question no 3:...............................................................................................................3
Answer to question no 4:...............................................................................................................4
Answer to question no 5:...............................................................................................................4
References.......................................................................................................................................4

2|Page
 IT Security Case Study

Answer to question no 1:
Ethical hacking:
Ethical hackers, which they also called/known as white hats. The ethical hacking can be defined
as an unauthorized access with an authorized attempt or permission. The permission is given to
white hackers to get an authorized access to a specific data, or computer system. Ethical hacking
involves the computer experts who are hired by organizations to maintain and manage the
computer security systems for that organization. The individual who executes ethical hacking are
known as ethical hackers. Ethical hacking is a legal activity because it involves the permission of
top management of the organization and helps an organization to protect its important
information from its competitors and other social networks [ CITATION Tra11 \l 1033 ].

Pros:
 The most significant benefit of ethical hacking involves that it is an ethical activity which
is considered legal in different countries.
 It helps organization to protect the data
 It helps an organization to avoid different cyber threats.
 The cyber threats are avoided and dealt with a perception of a hacker.
 Vulnerability against the cyber threats can be test out and improved by hiring an ethical
hacker [ CITATION Sco19 \l 1033 ]

Cons:
 The risk of files getting corrupt increases which can cause a great damage to an
organization.
 Hiring ethical hackers can increase a significant cost for the company or an organization.
 Privacy may get disturb by executing hacking activities in the company [ CITATION
Tho18 \l 1033 ].

Answer to question no 2:
Different components are involved while establishing a plan to manage the cyber security threats
in an organization. The pillars considered while planning strategies to deal with cyber security
threats involves protection of existing data, cyber perimeter development for the organization
and monitoring all the threats for the company. The components involved in managing the cyber

3|Page
security risks involves identi9fication of different potential risks by the organization. Evaluation
of impact of those risk on the performance and growth of the company is also involved in the
cyber security risk management. Additionally, strategies to deal with the risks if they become
reality for the organization is also involved in cyber security risk management plan [ CITATION
See21 \l 1033 ].

Importance:
It is critically important for every organization to maintain an effective and efficient cyber
security risk management plan in order to avoid diversified and significant loss for future. It can
play a crucial role in development and growth of an organization because it helps to protect the
data from unauthorized sources and competitors. The vital information can be saved with its
implementation in an organization [ CITATION Ger16 \l 1033 ].

Answer to question no 3:
Leadership provides the direction to the company to take different actions, develop significant
strategies to achieve long term and short-term goals. A leader of an organization influences its
employees and guide its employees in a specific direction. Core values could be
described/interpreted as the collection of values, beliefs, and attitudes of a person. The core
values of an organization or group are developed by its leader. The leadership skills help the
leader to consider the core values such as honesty, safety, equality, and trustworthy while taking
different actions in an organization. It includes the professional and personal beliefs of an
individual which influence the decision making in different departments of an organization
[ CITATION Jes191 \l 1033 ] . The IT department is also influenced by the core values of an
organization and core values implementation by the leader of the company or organization. IT
governance is also influenced by the leader’s and organization’s core values. If an organization
core value includes integrity, honesty, accountability, and discipline then IT governance will
monitor whether the IT department of organization is considering the core values guided by its
leaders or not. It increases the efficiency, and effectiveness of an organization to achieve its
various goals and objectives. The University governance is the department which monitors
different departments and analyze the performance of each management. The core values
provide standards to university governance and the performance of IT department can be
measured on the basis of standards provided by leader’s and organization’s core values.

4|Page
Therefore, it has been concluded that leadership, core values, IT governance, and University
governance have significant relationship.

Answer to question no 4:
Stakeholders are those individuals which are directly or indirectly affected by the operations of a
company. In this case different stakeholders are involved. Since a university has a diversified
network of stakeholders. In this case the top management individuals, IT governance, investors
of university, students, and security department are included as the stakeholders. The security
company and hackers are also considered as the stakeholder of the university because they're
directly or rather indirectly influenced/affected by the resolutions/choices/decisions and activities
of university. The stakeholders including the security company, IT director, and Vice president
of the university act ethically in this case scenario. They did not hire the hackers and gave them
permission to get the unauthorized access to the files and data of the university. If they had took
this step then it would be very difficult for university to protect the other data from getting
corrupt. The privacy of students, and teachers may also get affected. They handled the situation
very carefully and ethically. Th hackers disappeared by themselves when the upgradations took
place by the IT security company.

Answer to question no 5:
Cyber security risk management plans are developed when the risks become reality [ CITATION
Bet21 \l 1033 ]. The threats and risks are identified and specific actions are taken by the cyber
security department to deal with the threat. In this case the hackers hacked the files to give the
prove of hacking to the IT department of the university. In this case the IT department should
have changed their logins passcodes, and emails in order to get rid of the cyber breach
immediately. After changing the passcodes, the IT department should have checked which if any
other data was stolen or not by the hackers. After that right people like cyber security system
should be contacted so that they could take effective measures to protect the data, sensitive
information, and privacy. The strengthen logins, and security should be adopted by the IT
department when their system was hacked by the white hats.

5|Page
References
Caldwell, T. (2011). Ethical hackers: putting on the white hat. Network Security, 2011(7), 10-13.

Georg, T., Oliver, B., & Gregory, L. (2018). Issues of Implied Trust in Ethical Hacking. The
ORBIT Journal, 2(1), 1-19.

Gupta, S., Mohanty, B., & Pattnaik, P. K. (2021). Taxonomy of cyber security metrics to
measure strength of cyber security. Materials Today: Proceedings, 3(1), 66-69.

Kovacich, G. L. (2016). Chapter 7: The Cyber Security Program’s Strategic, Tactical, and
Annual Plans. The Information Systems Security Officer's Guide (Third Edition), 119-
129.

Nicholson, S. (2019). How ethical hacking can protect organisations from a greater threat.
Computer Fraud & Security, 2019(5), 15-19.

Rudnick, J., Niles, M., & Cramer, L. (2019). A comparative analysis of governance and
leadership in policy networks. World Development, 117, 112-126.

UchenduJason, B., Nurse, R. C., & Furnell, S. (2021). Developing a cyber security culture:
Current practices and future needs. Computers & Security, 109, 102387.

6|Page