Tip of the Iceberg Kaplan University GB500: Business Perspectives Professor Boam January 2, 2012 Case Analysis: Tip of the Iceberg The Tip of the Iceberg is a humorous story that describes how unseen forces can affect the outcomes of a situation. The penguins lived on a small iceberg which hovered over a huge clam bed. The clam bed beneath the iceberg could provide food for the all of the penguins living on the iceberg for years to come.

However, the clam bed was essentially useless because the penguins could not dive deep enough beneath the iceberg to retrieve the clams, but the walruses that lived nearby could. So, the penguins devised a system that could help them with their goal of harvesting the clam bed. The system included the iceberg, the clam bed, the penguins, and the walruses. The purpose of the system was to produce a new food source for both penguins and walruses (Hutchens, 2001).

The penguins met with the walruses and negotiated a protocol that basically stated that the walruses would harvest the clams and in return could eat all of the clams that they wanted but couldn’t eat the penguins. The system developed by the penguins sought stability by inviting the walruses to harvest the clams so penguins would never have to endure another harsh winter without food. Initially the system worked well and everyone was happy. The walruses brought up the clams and both walruses and penguins had plenty to eat.

Other penguins heard about the iceberg and the “all-you-can eat” protocol between the walruses and penguins and soon showed up to enjoy the tasty clams. The penguins recruited more walruses so they could harvest even more clams and more penguins came to the iceberg. The system had entered a reinforcing process that escalated into a virtuous cycle. All of this worked well for a while, but soon infighting between the walruses and penguins occurred. Reports that walruses had sat on penguins caused many penguins to leave the iceberg. At first, it was thought that the infighting could be attributed to bad anners and citizenship (Hutchens, l. 172). To resolve the infighting, the penguins brought in a management consultant and urged everyone to attend sensitivity training. They also sent out memos reminding walruses to look before sitting, but none of this worked and even more penguins left the iceberg. Word soon spread throughout the region about the infighting and flattening of penguins and neither penguins nor walruses came to the iceberg. The number of clams decreased because the number of walruses decreased and the appeal of the once popular iceberg was lost.

The penguins were at a loss, they could not figure out what was wrong or how their well-intentioned efforts had led to such a social upheaval. Their initial efforts to resolve the infighting had resulted in even more chaos. The penguins reviewed their system and finally realized that they had not considered the iceberg in their system. The added weight created by recruiting even more walruses to retrieve clams had brought even more penguins to their tiny iceberg and caused the iceberg to start sinking.

Disorder in the system had occurred, and the penguins were unable to recognize or interpret the feedback (Hutchens, 2011). Because the penguins did not immediately recognize the feedback, they were unable to take corrective action in a timely manner. The penguins had become trapped in a virtuous cycle where they believed that they were meeting their original goal of harvesting the clams and providing food for everyone just as they had promised. They continued to push the system and mistakenly believed that they had not reached the full capacity of the system (Hutchens, l. 74). They originally thought that they could increase the number of clams harvested if they invited more walruses to the iceberg. However, what they didn’t consider was how the population growth would affect the iceberg. The penguins failed to truly understand the system that they had created. Once they realized that the iceberg was sinking they took action.

Vulnerability Management

Computing systems and applications pose an inherent risk to IT, as they contain vulnerabilities that can be exploited. IT security professionals must quickly identify vulnerabilities, and provide ongoing and consistent remediation or mitigation measures to prevent exploitation of them. The time between discovery of a vulnerability and when the vulnerability is patched provides a window of opportunity for a threat actor to exploit the system. Vulnerability scanners enable detection of vulnerabilities across various computing devices and applications in order to reduce risk, breaches, or compromise.
In this discussion, you will describe the importance of identifying and managing vulnerabilities.
In your initial post, address the following:
What is the importance of vulnerability management within an information security plan?
What is the importance of reducing the window of opportunity for a threat actor?
How do vulnerability scanners and patch management help in reducing the exploitation of vulnerabilities?
In response to two of your peers, answer the following:
Do you agree or disagree with your peers’ perspectives on the importance of vulnerability management and patch management? Expand upon your ideas and support your stance with internal or external resources.
Discuss an additional way of reducing the window of opportunity for a threat actor that your peer did not mention.
Discuss an additional threat that a vulnerability scanner cannot address that your peer did not mention.