Personal and Professional Examples of IT Security Breaches

Week & 8 Discussion

 Chapter

Concepts

Definition

Context

Personal Example

7. Security

1. Five key security decisions

2. Security education, training, awareness

Security education is some type of formal instruction that is focused on fundamentals, concepts, and theories related to information security.

Training is delivered through degree programs, certifications, seminars, etc.

Awareness focuses on the core knowledge needed by security professionals.

In sum, the goals are developing security expertise (education), operational proficiency (training) and promoting secure behaviors (awareness).

Most companies of all sizes and types in virtually all industries rely to some extent on their IT resources to perform basic business functions.

Over the years, I have attended and delivered in-house security education and training. One of the most interesting challenges that I have identified in this process is just how fast innovations – and threats -- in IT change the security landscape, making the need for ongoing training and education an essential element of any business model.

Likewise, a holistic program encompassing all three is key to building a strong security culture within any organization.

These resources reinforce one another to produce security-minded individuals performing roles competently while adhering to good practices.

3. The cost of security breaches.

An IT security breach is an incident that results in unauthorized access to, or disclosure of, sensitive information through violation of cybersecurity policies, practices, or technologies.

Security breaches allow compromise of system confidentiality, integrity, and/or availability via malware, hacking, stolen devices, or user policy noncompliance.

Moreover, a breach enables theft or misuse of private data, interrupts operations, and threatens an organization's digital assets and reputation.

Security breaches can affect individuals and businesses alike. In a business context, companies can incur major costs for organizations.

Some of the direct expenses include the charges needed to investigate and respond to an attack, restore systems from backups, verify integrity of data, and bolster defenses to prevent future incidents.

Depending on severity, substantial costs may be required for forensic analysis, legal services, fines, public communication strategies, and compensation provided to customers.

Fortunately, I have not experienced any work-related security issues but there have been some personal issues. For instance, last year, I received an email that appeared to be from my bank asking me to verify some account information. Not realizing it was a phishing attempt, I clicked the link and entered my login credentials, which were then compromised. Within hours, I saw fraudulent charges on my account as hackers had accessed it and started spending money. I had to contact the bank right away, close my account and deal with the fallout of catching the breach too late.

On another occasion, I was out shopping and realized I did not have my wallet. I retraced my steps and called all the stores I had visited but could not locate it. The next day, strange charges started popping up on one of my credit cards. Someone had clearly stolen my wallet and began using my cards for their own purchases. I had to report the theft and disputed the fraudulent charges, which took weeks to sort out.

Most recently, I received an email notice from PayPal that someone had made charges on my account in Belgium. I disputed the charges and the $800 was immediately refunded (I still do not know how this happened).

8. The Business of Information Technology

1. Business IT-Maturity Model

The Business IT-Maturity Model provides a framework to assess and track an organization's proficiency in effectively utilizing IT to achieve business goals.

The model provides a progression path along which organizations can evolve their IT capabilities.

The Business IT-Maturity Model is a response to the evolving landscape of IT within organizations.

The model takes into account the rapid development of IT systems, increased digitization, and the growing importance of aligning IT with business goals.

In addition, the model also recognizes that successful IT investments are tied to effective utilization and the need for standardized assessments of IT capabilities.

The model provides a methodology firmly founded in timely IT governance and management best practices to navigate these drivers.

The model also draws on the multi-stage evolution required to maximize business IT strategic enablement in today’s demanding and competitive environments.

Finally, it is reasonable to suggest that the increasing digitization of business processes, operations, and channels will place even greater emphasis on mature IT deployment for the foreseeable future.