Serious Consequences For An Organization
Order ID 53563633773 Type Essay Writer Level Masters Style APA Sources/References 4 Perfect Number of Pages to Order 5-10 Pages Description/Paper Instructions
Serious Consequences For An Organization
Private Sector Case Studies
Security breaches can have serious consequences for an organization. They can rely on lax physical security, inadequate logical access controls, or a combination of both. Let’s look at some examples of failures in both logical access controls and physical security.
LexisNexis
LexisNexis is a major information clearinghouse of newspaper, magazine, and legal documents. Customers can search the system for basically any published information. In early 2005, a number of teenage hackers were able to gain access to the system. They exposed personal information of over 300,000 individuals. Names, addresses, and SSNs were exposed in the breach. This was a failure in logical access controls on a major level.
The breach started with the account of a police officer in Florida. One of the teenagers, posing as a 14-year-old girl in a chat session, convinced the officer to download and open a Trojan horse file, claiming it was a photo. This gave the hackers access to the officer’s system. While browsing his files, they discovered a logon into a LexisNexis subsidiary, called Accurint, a law enforcement information database. The hackers started to search the database for themselves and celebrity information.
The hackers realized that they needed more access to effectively explore the system. They called Accurint and, posing as administrators with LexisNexis, they got account logins and passwords for an account with enhanced rights.
They used their new access to create accounts for friends and search the system. They were able to pull at least 30,000 accounts, possibly as many as 300,000, gaining names, addresses, phone numbers, and SSNs. Luckily the teens were “joyriding,” and none of the information was sold or utilized in identity theft, but the possibility was there. There were at least 57 separate breaches connected to this incident.
LexisNexis had to offer identity theft monitoring to all of the affected customers. In addition, they claimed to strengthen their customer account and password administration to make sure a breach could not happen again. LexisNexis went so far as to claim their new system was watertight.
Bank One
Bank One, a major Midwest bank that is now owned by JPMorgan Chase, lost around 100 employee laptops due to a failure in physical access controls. The office had one access point that was controlled with an RFID badge system. The badge system was slow, taking around 30 seconds to a minute to unlock the door. This led to impatient employees at this location assisting each other by piggybacking at the door. Employees would badge in and then hold the door open for other the employees behind them. This security flaw was further exacerbated by a lack of security cameras at the door. Most employees were using laptops at this location, with no security cables or locking docking stations.
In the early 2000s, during an all-hands off-site meeting, thieves gained access to the office and stole approximately 100 laptops. After the incident, measures were taken to enhance the physical access controls at the location. Cameras were added at the entry point, and the badge system was modified so that employees had to badge in and out of the building. Policy changes were also enacted. The act of piggybacking was banned, and this was added to the code of conduct.
Public Sector Case Study
Sometimes, security breaches happen not because of external attacks, but due to internal failures. Let’s take a look at an example from the United Kingdom (U.K.).
On November 22, 2007, the U.K. government admitted that one of its departments, Her Majesty’s Revenue & Customs (HMRC), had lost in the mail two CDs containing the unencrypted personal details of 25 million U.K. residents.
In response to a request by the National Audit Office (NAO), a junior member of HMRC’s staff was instructed to send details of child benefit recipients to the NAO. The details were burned onto two CDs as unencrypted files and then sent to the NAO using regular mail. At the time, this was standard procedure at HMRC. To compound the security lapses, HMRC decided it was too costly to remove unneeded information from the files before they were sent. This included addresses and bank account information. NAO explicitly requested that the bank account information be removed, and HMRC ignored the request.
The U.K. Data Protection Act of 1998 specifies that if information is to be sent, it must be subject to safeguards, and only the necessary data required for processing may be sent. In this case, HMRC violated both points of this law.
Once the data loss became apparent, HMRC started an investigation of the loss. They attempted to track down the CDs and contacted law enforcement for assistance. Instead of immediately reporting the data loss to the public, HMRC waited 10 days, plenty of time for accounts to get compromised.
The fallout from this breach has been major: The Information Commissioner’s powers have been expanded, his office can now audit departments at will, and they have enforcement powers. Due to the loss of public confidence in the HMRC, other projects have been put on hold, most notably the national ID card program. There was also the cost of the search for the disk and affected citizens needing to close existing bank accounts.
Critical Infrastructure Case Study
Security breaches do not always come from targeted attacks. Untargeted, general attacks can also cause a security breach in an organization. Let’s look at the CSX Corporation virus incident of August of 2003.
The SoBig computer virus infected CSX Corporation’s computer network at its headquarters in Jacksonville, Florida. These infected systems flooded the internal network with infection attempts and spammed the equivalent of an internal DDoS attack. No critical systems got infected, but the network congestion disrupted signaling dispatching and other mission critical systems.
Freight trains were delayed. At least 10 Amtrak long-distance trains were canceled or delayed up to six hours, and commuter trains in Washington D.C. were canceled. Half-hour delays continued for the next few days. The initial damage ran into the millions in late delivery penalties and customer refunds, and millions more were spent updating and expanding the antivirus and network systems to mitigate any further issues.
RUBRIC
QUALITY OF RESPONSE NO RESPONSE POOR / UNSATISFACTORY SATISFACTORY GOOD EXCELLENT Content (worth a maximum of 50% of the total points) Zero points: Student failed to submit the final paper. 20 points out of 50: The essay illustrates poor understanding of the relevant material by failing to address or incorrectly addressing the relevant content; failing to identify or inaccurately explaining/defining key concepts/ideas; ignoring or incorrectly explaining key points/claims and the reasoning behind them; and/or incorrectly or inappropriately using terminology; and elements of the response are lacking. 30 points out of 50: The essay illustrates a rudimentary understanding of the relevant material by mentioning but not full explaining the relevant content; identifying some of the key concepts/ideas though failing to fully or accurately explain many of them; using terminology, though sometimes inaccurately or inappropriately; and/or incorporating some key claims/points but failing to explain the reasoning behind them or doing so inaccurately. Elements of the required response may also be lacking. 40 points out of 50: The essay illustrates solid understanding of the relevant material by correctly addressing most of the relevant content; identifying and explaining most of the key concepts/ideas; using correct terminology; explaining the reasoning behind most of the key points/claims; and/or where necessary or useful, substantiating some points with accurate examples. The answer is complete. 50 points: The essay illustrates exemplary understanding of the relevant material by thoroughly and correctly addressing the relevant content; identifying and explaining all of the key concepts/ideas; using correct terminology explaining the reasoning behind key points/claims and substantiating, as necessary/useful, points with several accurate and illuminating examples. No aspects of the required answer are missing. Use of Sources (worth a maximum of 20% of the total points). Zero points: Student failed to include citations and/or references. Or the student failed to submit a final paper. 5 out 20 points: Sources are seldom cited to support statements and/or format of citations are not recognizable as APA 6th Edition format. There are major errors in the formation of the references and citations. And/or there is a major reliance on highly questionable. The Student fails to provide an adequate synthesis of research collected for the paper. 10 out 20 points: References to scholarly sources are occasionally given; many statements seem unsubstantiated. Frequent errors in APA 6th Edition format, leaving the reader confused about the source of the information. There are significant errors of the formation in the references and citations. And/or there is a significant use of highly questionable sources. 15 out 20 points: Credible Scholarly sources are used effectively support claims and are, for the most part, clear and fairly represented. APA 6th Edition is used with only a few minor errors. There are minor errors in reference and/or citations. And/or there is some use of questionable sources. 20 points: Credible scholarly sources are used to give compelling evidence to support claims and are clearly and fairly represented. APA 6th Edition format is used accurately and consistently. The student uses above the maximum required references in the development of the assignment. Grammar (worth maximum of 20% of total points) Zero points: Student failed to submit the final paper. 5 points out of 20: The paper does not communicate ideas/points clearly due to inappropriate use of terminology and vague language; thoughts and sentences are disjointed or incomprehensible; organization lacking; and/or numerous grammatical, spelling/punctuation errors 10 points out 20: The paper is often unclear and difficult to follow due to some inappropriate terminology and/or vague language; ideas may be fragmented, wandering and/or repetitive; poor organization; and/or some grammatical, spelling, punctuation errors 15 points out of 20: The paper is mostly clear as a result of appropriate use of terminology and minimal vagueness; no tangents and no repetition; fairly good organization; almost perfect grammar, spelling, punctuation, and word usage. 20 points: The paper is clear, concise, and a pleasure to read as a result of appropriate and precise use of terminology; total coherence of thoughts and presentation and logical organization; and the essay is error free. Structure of the Paper (worth 10% of total points) Zero points: Student failed to submit the final paper. 3 points out of 10: Student needs to develop better formatting skills. The paper omits significant structural elements required for and APA 6th edition paper. Formatting of the paper has major flaws. The paper does not conform to APA 6th edition requirements whatsoever. 5 points out of 10: Appearance of final paper demonstrates the student’s limited ability to format the paper. There are significant errors in formatting and/or the total omission of major components of an APA 6th edition paper. They can include the omission of the cover page, abstract, and page numbers. Additionally the page has major formatting issues with spacing or paragraph formation. Font size might not conform to size requirements. The student also significantly writes too large or too short of and paper 7 points out of 10: Research paper presents an above-average use of formatting skills. The paper has slight errors within the paper. This can include small errors or omissions with the cover page, abstract, page number, and headers. There could be also slight formatting issues with the document spacing or the font Additionally the paper might slightly exceed or undershoot the specific number of required written pages for the assignment. 10 points: Student provides a high-caliber, formatted paper. This includes an APA 6th edition cover page, abstract, page number, headers and is double spaced in 12’ Times Roman Font. Additionally, the paper conforms to the specific number of required written pages and neither goes over or under the specified length of the paper. GET THIS PROJECT NOW BY CLICKING ON THIS LINK TO PLACE THE ORDER
CLICK ON THE LINK HERE: https://collegepaper.us/orders/ordernow
Do You Have Any Other Essay/Assignment/Class Project/Homework Related to this? Click Here Now [CLICK ME] and Have It Done by Our PhD Qualified Writers!!