Assignment 2: Information Security Breach

A root-cause analysis of the security breach revealed multi-factorial issues at the technical, individual, group, and organizational levels. At the technical level, the applications and web-tools

A1. The Nature of the incident was that an employee was able to hack into the computer system and gain access to the financial payroll system, human resources and even email system. This employee used several methods in order to gain access into the system: IP spoofing, Data modification, Man in the middle attack and compromised-key attack. As a result the employee was able to tamper with payroll system. An auditor discovered the discrepancies and tried to make upper management aware of the situation through email, but the email was intercepted by the hacker. The hacker impersonated an employee and persuaded the auditor into granting him more access into the system which resulted in additional sabotage into the payroll system. Hacker

Using proxy software Burp Suite it was discovered that the shopping site contained a hidden form field that could be manipulated.

The first point of analysis is related to National Data Breach reporting which main goal is to protect consumers against identity theft and incentivize businesses for better cyber security. Businesses are required to inform the consumers if the intruder had access to the consumers’ personal information in order to prevent further damage or loss. The information security policy of State of Maryland is set forth to provide any data breach incident

The checklist will be dual purposed. It will be beneficial in listing the steps or fashioning the framework of the overall steps needed to examine the HCC breach as well as keeping the team’s analysis systematic and on track. For example, because HCC is a private sector business, we need to reach a hypothesis as to whether any computer misuse was possibly perpetrated by an HCC employee or by a customer. Bearing in mind that there is still a need to maintain customer confidentiality, “the Homeland Security Act and Patriot Act of 2001 have redefined [in turn, allowing]… ISPs and other communication companies now can investigate customers’ activities that are deemed to create an emergency situation” (Nelson, Phillips, & Steuart, 2010). However, this incident did not seemingly involve an emergency situation, that is, an incident involving “immediate risk of death or personal injury” (Nelson, Phillips, & Steuart, 2010), for instance, a bomb

It is the responsibility of the management to hold secure the data and information that they hold on behalf of the clients that they host. This attack was particularly worrying since the corporation is entrusted with highly sensitive government data and the wealth of the American government military information which it should protect from intrusion from external sources. There are also valuable projects for the organization that it protects like

In the Data breach Investigation report of 2012, the compromised records 174 million security incidents from all over the world were analyzed also the investigation confirmed 855 data breaches. The attacks were carried out from 19 different nations and affected all kinds of organizations small and large.

The public was told of the breach on Dec 8th. It wasn’t until Dec 15th when they finally looked into the cause and fixed it. They sent out an e-mail to everyone, who they had emails for, about the breach. When they put out their response the main phrase everyone wanted

3. Detail at which point(s) you believe the problem occurred and suggests a safeguard for the future protection of the company

Computer security is the security applied to the computers and their networks including the internet. Physical security and information security are the two types of computer securities which prevent theft of equipment and data. (Man, 2015).

National Institute of Standards and Technology (NIST) and Federal Information Security Management Act of 2002 (FISMA) were established to provide a set of standards, guidelines to assist all federal agencies in executing the FISMA and to assist in managing cost-effective programs to protect organization’s information and information systems. NIST founded on March 03, 1901 and now headquartered Gaithersburg, Maryland. Founded by U.S. Congress, NIST was established to impose general measurement standards laboratory; it is a non-regulatory agency of the United States Department of Commerce. The fledgling agency quickly assembled standards for electricity, length and mass, temperature, light, and time, and created a system to transfer those

Computer security breaches have been occurred in too many places since information technology is used. Security practitioners declare that those breaches incident cost vast businesses that is estimated more than $1 billion, according to Pinsent Masons, (2014). There are also non-financial costs that companies may suffer. Figure 1 is illustrated World's Biggest Data Breaches that happened last decade.

The security incident management policy of Blyth’s Books is quite comprehensive in the aspect of the detection and reporting of information security events. Detection and reporting of a security incident is vital for an organisation’s survival. If an organisation’s stakeholders and employees cannot detect when an incident has occurred or have detected one but cannot report owing to the fact that how and whom to report to is unknown, the remainder of the incident management procedure which is aimed at getting the organisation back on its feet information security wise cannot be put into process. No one can handle or respond to an incident they have no knowledge of. The security incident management policy of Blyth’s Books was pretty comprehensive in outlining what security incidents are and how they could be identified by those covered in the scope of the policy. A review of Norwegian organisations and institutions performed in 2005 where strategies for data security incidents were analysed demonstrated that statistics

Faults are a precise interaction of hardware and software that can be fixed given enough time.

In the last decade it’s amazing how technology has advanced over the years and will continue to advance for many years to come. Every year there is a new cell phone from Apple or Samsung, with new features that make our lives more convenient. From faster software to higher picture quality and so on. I am unable to recall the last time I used a camera to take pictures or went to the bank to deposit a check. Technology advances every day and many can’t wait to see what’s next to come. But with new technology comes greater risk for violations of privacy. In the following research paper I will discuss the types of security breaches and the cost associated with these breaches that businesses around the world face on a daily basis.