Educational Technology Audits Essay Example

An educational, technological audit is necessary for ensuring that the systems used by the school are secure and operating effectively to solve the needs of the university. The audits are meant to inform the institution on how the systems that they are using are and what needs to be done to ensure that the institution information systems. Audits were done and various risks. The institution found out various risks within the systems of the university that was a threat to the institution. Identifying the risks will enable the institution to come up with strategies that will mitigate the risks associated with the risks.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Among the risks that were identified in the systems of the university are physical threats of the systems where the infrastructure is at the risk of by damaged by the people who might have the wrong intentions of destroying the network and the systems of the learning institution (Shahzad, Golamdin, & Ismail, 2016). The infrastructure of the information system needs to be well secured to ensure that no one with malicious intentions can attack the infrastructure and destroy it. The infrastructure is costly and therefore if it's destroyed the institution can incur costs that it had never planned to incur. The operations of the information systems will be affected leading to disruption of activities within the institution.

The other risks identified from the audit is that several system errors were identified where the system is misused leading to errors. The errors occurred when new employees used the systems without being trained on how to use and avoid the errors from occurring (Kvon et al., 2018). When the errors occur, the systems need to fix whenever the errors occur, and this is an additional cost to the institution. The infrastructure does not meet the standards necessary to ensure that there are no risks involved that might lead to disruptions of the services offered by the company. The audit indicated that many people are allowed to access the rooms that have critical infrastructure that does not need to be by all the people that bring potential danger to the company. The likelihood of such attacks is high.

The other threat that was identified from the audit conducted is that they systems face the risk of cybercrime because the systems are linked to the internet to allow for the accessibility to users even remotely from their homes. The cybercrime threat might alter all the operations of the institution and even make the institution to close down (Moore, Dynes, & Chang, 2016). Cyber-attacks are on the rise; hence institutions need to come up with ways of ensuring that they are protected from such attacks. The audit revealed that they firewalls that are supposed to protect the institution from cyber-attacks fail sometimes exposing the institution to cyber-attacks. The threat can be eliminated by replacing the firewalls with new ones and adding more layers of security of ensuring that the attacks don't happen. The employees of the institution need to be trained on how they use the network well and avoid exposing the network to cyber threats.

The audit also revealed that the employees of the institution do not adhere to the policy of the company in regards to using passwords assigned to them. The policy requires the employees to change their passwords frequently to avoid the risk of social engineering, and their passwords might be used to conduct attacks and to use the platforms for the wrong purposes (Shahzad, Golamdin, & Ismail, 2016). The systems can be improved to solve the challenge where the employees are unable to use the system unless they change their passwords after a certain period has elapsed. Many companies have been attacked when the employees failed to observe the rule of updating the passwords frequently.

The learning institution needs to employ people that know updating the security features whenever there is a need to keep the institution safe from attacks that might comprise the security of the learning institution (Shahzad, Golamdin, & Ismail, 2016). The cost of hiring a security person is less than the cost that the company can incur if they are attacked; hence the institution should consider the options that they have.

There are consequences that the institution is likely to have if it attacked, among the consequences is the loss of data. Data is an essential aspect of the institution because it has all the information regarding the stakeholders that do business with the institution. When one manages to get the data, then the attackers can manipulate it for their benefits. The student, for instance, can change their financial data then they fail to pay school fees which are consequential to the company. The institution will lose the money that the students would have paid in the form of hence suffering from a financial loss. When the company lacks the finances will be forced to close down.

The employees can also use the opportunity to exploit the organization by engaging in activities that are not allowed by the institution. The system has privileges to the employees based on the levels of authority that they have at the institution (Moore, Dynes, & Chang, 2016). When junior employees access the privileges of senior employees, they access data that they are not supposed to access. Employees need to manage their passwords to prevent the wrong people accessing information that they are not supposed to access.

If the company networks are damaged for poor management it might take a lot of time to restall the and also additional costs will be required (Hollingsworth 2016). The time that the institution will lose trying to repair the network might also cost the company to incur an expense that it had not prepared for. The time that the institution will lose while trying to repair the network yet the error could have been avoided if appropriate measures were taken.

The employees can also be trained on how to eliminate human error to keep the company safe from attacks that might influence the operations of the company. Many companies have experienced challenges in securing their information system infrastructure because the institutions have failed to maintain proper security standards that will guarantee security to ensure that the company will be able to continue with its operations without hindrances. The security threats keep on changing; therefore, the company must be updated with the latest prevention techniques of preventing the attacks.

Conclusion

In conclusion, the audit exposed the threats that the company faces risking the lives of the people. The audit recommended various measures that the company need to take to ensure it remains safe from attacks that might influence its operations. The managers were also advised on appropriate action that they need to take to ensure that the employees comply with all the regulations that they require to keep their organizations secure.

References

Hollingsworth, C. R. (2016). Auditing for FISMA and HIPAA: Lessons Learned Performing an In-house Cybersecurity Audit.

Kvon, G. M., Vaks, V. B., Masalimova, A. R., Kryukova, N. I., Rod, Y. S., Shagieva, R. V., & Khudzhatov, M. B. (2018). The risk of implementing new electronic management systems at universities. EURASIA Journal of Mathematics, Science and Technology Education, 14(3), 891-902.

Moore, T., Dynes, S., & Chang, F. R. (2016). Identifying how firms manage cybersecurity investment. University of California, Berkeley.

Shahzad, A., Golamdin, A. G., & Ismail, N. A. (2016). Opportunity and challenges using cloud computing in the case of Malaysian higher education institutions. The International Journal of Management Science and Information Technology (IJMSIT), (20), 1-18.