Business Fraud - Ais Writing Assignment Essays

822 Words4 Pages
Educational Credit Management Corp - ECMC, a student loan guarantee agency based off of Minnesota, announced on March 2010 that there was a security breach in their establishment. Student loan borrowers had their personal information (names, social security numbers, addresses, and dates of birth at a minimum) stolen off of the premises via “portable media”. In the article, Data Theft Hits 3.3 Million Borrowers, Pilon noted that this is believed to be the largest data breach of its kind and “could affect as many as 5% of all federal student-loan borrowers” (Para. 1). As a precaution, ECMC made arrangements with Experian, the credit protection agency, to provide credit monitoring services to borrowers affected by the data breach. In…show more content…
Employees should be properly trained to understand and follow the company’s security policies. According to Romney, training “is especially needed to educate employees about social engineering attacks, which use deception to obtain unauthorized access to information resources”(pp.261). Proper training of employees could have prevented the breach as well. Assuming that an outsider was the thief, I believe it would have been obvious that he/she was not wearing an ID badge or would have been aware of piggybacking, for example (pp. 261). Lastly, physical access controls are those that refrain entry into an area that may contain sensitive information. According to the text, this control “is essential to achieve any degree of information security”. There are a wide range of potential threats that an intruder that is left unsupervised can cause an organization such as copying files with a portable device or as daring as stealing the computer itself (Romney, 2009, pp. 262). Physical access controls had to have been lacking at ECMC. As Romney states, “physical access control begins with entry points to the building itself” so assuming the data was taken by an outsider, if physical access controls would have been placed the breach would have been prevented (pp. 262). After researching the situation at ECMC, I failed to locate details about the perpetrator. It was revealed that they notified law enforcement

More about Business Fraud - Ais Writing Assignment Essays

Get Access