IT Security Case Study
Hacking, along with various other IT threats and cybersecurity crimes, is on the rise. We all know that cyber attacks are now a matter of when, not if. This case study is based on a real-life incident in the life of an IT Director.

One morning in 2016, the IT Director of a University in the GCC countries received an email from a hacker. The email started with a friendly message saying that the hacker intended to help the University, as an ethical hacker, to improve its IT security; the hacker was portraying this as a noble cause with good intentions. He/she attached some of the University's documents to prove the hacking. The hacker offered his/her service for 7000 US$ per year.

The University did have a firewall and a security contract with Entrust Security Company. Suffice it to say, the IT Director and his team were under severe stress because they were facing this risk for the first time. The IT Director reported to the VP for academic affairs, who reported to the President of the University. The IT Director informed the VP in a face-to-face meeting to avoid sharing his proposed strategy with the hacker. Eventually, the University's top management approved the strategy, which included the following points:

1- Discuss the issue with the IT governance committee.
2- Inform the security company to seek their help and advice.
3- Report to the government organization that handles computer security incidents in the UAE.
4- Use business negotiations with the hacker to gain more time, to keep them hoping that they will have a deal, and to avoid a more serious escalation.

Negotiations took ten days, as the hacker was asked for quotations and better prices. The security company kept up their support by increasing their services. However, the hacker suddenly disappeared and stopped asking for any further business. It was not clear why they disappeared all of a sudden, although it is believed that the improvement in the overall IT security situation might have been a potential cause for this sudden departure of the hacker.

Questions:
- What is ethical hacking and what are its pros and cons?
- Explain the components of a plan to manage cyber security risk, and explain its importance.
- Explain the relation between leadership, core values, IT governance, and the University governance.
- Who are the stakeholders in this case, and did they act ethically?
- What should be done by IT after their system had been hacked in this case?
