victims of an organization's data breach?
The largest data brokers, government agencies, retailers, Internet businesses, financial institutions and educational institutions of the nation have disclosed a number of computer intrusions and data breaches. A data breach can take place through theft or loss of, or some kind of illegal access to, data that contains sensitive personal information, which can compromise the integrity or confidentiality of the data. The name of an individual, his/her telephone number, or address are normally considered to be personal information, along with the personal identification password or number, Social Security number, debit or credit card number, account number, etc. In the majority of states the breach notification laws require that the information breached should be reported along with the breach of the report even if the information is personal and of sensitive nature (Stevens, 2008).
Trust is that one word that…
Stevens, G.M. (2008) CRS Report for Congress: Federal Information Security and Data Breach Notification Laws. Congressional Research Service
Adam, Z.R. (2003). E-commerce and e-business. Manila, Philippines: United Nations Development Programme.
Gulati, Radha (2002). The Threat of Social Engineering and Your Defense Against It. Retrieved April 9, 2014, from http://www.sans.org/rr/papers/index.php?id=1232
Arthurs, Wendy (2001). A Proactive Defence to Social Engineering. Retrieved April 9, 2014, from http://www.sans.org/rr/papers/index.php?id=511
Heartland Data breach may well have been one of the biggest security breaches ever perpetrated.
Heartland Payment Systems, Inc. (HPS) provides debit, prepaid, and credit card processing, online payments, check processing, payroll services as well as business solutions for small to mid-sized industries. Approximately, 40% of its clients are restaurants. HPS is the fifth largest credit card processor in the United States and the 9th largest in the world.
The breach occurred in 2008 at the Princeton, N.J., payment processor Heartland Payment Systems and may well have compromised "tens of millions of credit and debit card transactions" (Krebs; online). Revelations were announced to the public on January 20, 2009, the day of Obama's inauguration.
Heartland processed payments at the time for more than 250,000 businesses when it began receiving fraudulent reports from MasterCard and Visa from cards that had been used by merchants who had relied on Heartland when processing…
Krebs, B. (2009). Security Fix, The Washington Post.
Messmer, E. (2009) Security breach has cost Heartland £8.4m so far. Computerworld.uk http://www.computerworlduk.com/news/security/14680/security-breach-has-cost-heartland-84m-so-far/?pn=2
Security in Networking
Data breaches have become common in today’s business environment as organizations are increasingly vulnerable to a data breach or cyber-attack. Jain & Ropple (2018) state that many companies or institutions face huge challenges in successful management of cyber risk despite increased expenditures on their network security. Even though some industry standards have been established, they are relatively vague. Additionally, existing solutions for safeguarding companies or institutions against data breaches are not entirely effective. Sophisticated criminal problems have compounded or worsened organizations’ vulnerabilities to data breaches or cyber-attacks. This paper examines the recent data breach at Marriott International, a large American hotel chain. The evaluation discusses the existing telecommunication and network practices at the time, what contributed to the breach, and a plan of action to alleviate these factors.
Marriott’s Data Breach and Existing Network Practices
Marriott International suffered what is regarded as the biggest corporate data breaches…
Atkinson, D. (2019). How AI Can Prevent a Marriott Situation from Happening Again. Retrieved February 9, 2019, from https://www.techradar.com/news/how-ai-can-prevent-a-marriott-situation-from-happening-again
Beal, V. (2005, July 15). Intrusion Detection (IDS) and Prevention (IPS) Systems. Retrieved February 9, 2019, from https://www.webopedia.com/DidYouKnow/Computer_Science/intrusion_detection_prevention.asp
Brewster, T. (2018, November 30). Marriott Hackers Stole Data on 500 Million Guests -- Passports and Credit Card Info Included. Forbes. Retrieved February 9, 2019, from https://www.forbes.com/sites/thomasbrewster/2018/11/30/marriott-admits-hackers-stole-data-on-500-million-guests/#5e9124b46492
Jain, S.C. & Ropple, L.M. (2018, December 14). Stopping Data Breaches will Require Help from Governments. Harvard Business Review. Retrieved February 9, 2019, from https://hbr.org/2018/12/stopping-data-breaches-will-require-help-from-governments
Sivalingam, J. (2018, December 4). What Caused the Marriott Data Breach? Retrieved February 9, 2019, from https://techwireasia.com/2018/12/what-caused-the-marriott-data-breach/
Stevenson, C., Douglas, A., Nicholson, M. & Amjad, A. (2019). From Security Monitoring to Cyber Risk Monitoring: Enabling Business-aligned Cybersecurity. Retrieved February 9, 2019, from https://www2.deloitte.com/insights/us/en/deloitte-review/issue-19/future-of-cybersecurity-operations-management.html
A major challenge impacting employers is having a comprehensive security plan that will safeguard the personal information of their clients and employees while, at the same time, being able to streamline the different administrative and technical functions. The result is that firms must develop and update their strategies to deal with the changing nature of the threats they are facing. To fully understand how they are able to achieve these objectives requires focusing on the data security coordinator, internal risks, external risks, external threats and data protection. Together, these elements will illustrate which factors are most important and the way an organization can mitigate them over the long term. (Oz, 2009) (Sousa, 2014) (Veiga, 2007)
Data Security Coordinator
To be more effective, all firms must introduce a proactive approach that deals with possible challenges early and utilize their experiences to enable the organization to achieve critical objectives.…
Oz, E. (2009). Management Information Systems. Boston, MA: Thompson.
Sousa, S. (2014). Management Information Systems. Mason, OH: Southwestern.
Veiga, A. (2007). An Information Security Governance Framework. Information Systems Management, 24 (4), pp. 361 -- 371.
The author of this report has been asked to answer a few questions as it relates to information security. Specifically, it will be answered what metrics or proverbial yardsticks could or should be used to measure information security and information privacy. Indeed, there are a number of ways to measure precisely that. However, there are implications with doing so that have a bearing on both privacy and security of the people involved in divulging (or not divulging) the secrets of the firm. On one hand, there is the need and desire to keep the private and confidential information of a firm safe. On the other, there is a line, at least for many, between keeping an eye out and being too invasive even if company phones and computer equipment are the communication tools in question. While companies can be rather aggressive in monitoring what is going on with…
Baltzan, P. (2015). Business driven information systems (5th ed.).
FindLaw. (2016). Privacy in the Workplace: Overview - FindLaw. Findlaw. Retrieved 27 April 2016, from http://employment.findlaw.com/workplace-privacy/privacy-in-the-workplace-overview.html
How Paige Thompson Hacked the Capital One Firewall
The 2019 Capital One hack was committed by a transgender person going by the name Paige Thompson. Paige essentially committed the hack and bragged about it on social media in order to get attention from others. This crime could be labeled a cry for help, as Paige was suffering from mental health issues as well. Paige was being held in the men’s detention center prior to trial but was released on grounds that the judge feared the defendant might self-harm himself due to inadequate mental health treatment in the facility (Stone, 2019). The trial for Paige is currently set for November 4th, 2020 (US Department of Justice, 2020).
While the actor’s motives and objectives have not been argued in the court of law, they can be fairly accurately surmised from news articles on the case. Thompson had worked for Amazon Web Services, which…
Dellinger, A. J. (2019). Capital One Hit With Class-Action Lawsuit Following Massive Data Breach. Retrieved from https://www.forbes.com/sites/ajdellinger/2019/07/30/capital-one-hit-with-class-action-lawsuit-following-massive-data-breach/#4689f6226b1a
Krebs, O. S. (2019). Capital One data theft. Retrieved from https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/
Stone, J. (2019). Alleged Capital One hacker Paige Thompson to be released before trial. Retrieved from https://www.cyberscoop.com/capital-one-hacker-free-trial-paige-thompson/
US Department of Justice. (2020). US v. Paige Thompson. Retrieved from https://www.justice.gov/usao-wdwa/united-states-v-paige-thompson
In this Facebook data breach essay, we discuss how Facebook allowed applications to mine user data. The essay will explain what data was breached, how it was breached, and how that data was used. Furthermore, the essay will also discuss the repercussions of the breach, including Facebook founder Mark Zuckerberg’s hearing in front of the United States Senate, issues involving Cambridge Analytica, and information that is being revealed about additional data breaches.
In addition to explaining the data breach, the essay will also discuss whether Facebook has a responsibility to users to keep data safe, and the steps that Facebook is taking to resolve data breaches in the future. This example essay should not only provide you with an overview of the Facebook data breach, but also provide you with a technical guide on how to write an academic essay. It will include the following parts of a standard academic…
The confidentiality of the medical and personal information of every patient or other individual is a serious issue in the health sector. However, governments such as the United States and European Union have put into operation data breach notification rules that cover the health care fraternity. Therefore, breach notification can be defined as rules and regulations which protect or control the unlawful access to data of an individual (Jim Tiller, 2011).
Mostly, a data breach occurs when there is a loss or theft of, or unauthorized access to, sensitive private information, which might result in the compromise of the confidentiality or integrity of the data. Therefore, the United States (U.S.) and the European Union (EU) enacted laws to regulate the breach of personal data of patients (Gina Stevens, 2012). For example, in the United States, "HITECH Act, Pub L. 111-5 Title XIII," was the first federal health breach notification law…
Patrick Kierkegaard (23 March 2012) Medical data breaches: Notification delayed is notification
Gina Stevens (2012) Data Security Breach Notification Laws
Security Management Plan
Privacy of client information is an assurance that every patient wants, and this assurance is what the hospital can build patient confidence on. The lack of it therefore may have consequences such as loss of confidence in the hospital, loss of clientele and the emergence of a poor reputation. This paper looks at the St. John's Hospital, which has experienced the leakage of confidential information, a problem that needs to be addressed. It highlights the steps the hospital must take in its management plan. In the first step, the hospital must identify how widespread the problem is and where exactly there are weaknesses in the system. Secondly, the hospital's staff must receive adequate training in methods to deal with confidential information, especially its destruction. A culture must be developed to deal with this information discreetly. In this same breath breach must be understood by all staff…
Shred it (2013), Security Breach, Shred --It making sure it is secure, http://www.shredit.com/en-us/document-destruction-policy-protect-your-business (Retrieved 16/11/2015)
Scallan T. (2013), Disaster recovery solutions underscore the importance of security, Health Management Technology, http://www.healthmgttech.com/disaster-recovery-solutions-underscore-the-importance-of-security.php (Retrieved 16/11/2015)
U.S. Department of Health and Human Services (HHS) (2000), Health information privacy, HHS.gov, http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html (Retrieved 16/11/2015)
Breach of Faith
Over the course of twenty-two years, from 1979 to 2001, Robert Hanssen participated in what is possibly the most severe breach of national intelligence in the United States' history. Through a combination of skill and sheer luck, Hanssen was able to pass critical information from his job at the FBI to Soviet and later Russian intelligence agencies, information that may have contributed to the capture and execution of a number of individuals. Hanssen's case is particularly interesting because it takes place over the course of two decades that included the end of the Cold War and the beginning of the internet age, and as such examining the various means by which Hanssen was able to breach security offers extra insight into the security threats, new and old, that face those tasked with protecting sensitive government information. Ultimately, the Hanssen case reveals a number of ongoing vulnerabilities concerning…
The first substantial action that could be taken to help ensure future breaches do not occur is a reorganization of the FBI's security and intelligence functions. The Webster Commission compared the FBI's organization of its security functions with the rest of the Intelligence Community and found that, "in sharp contrast to other agencies," the FBI's security and intelligence functions "are fragmented, with security responsibilities spread across eight Headquarters divisions and fifty-six field offices" (Webster, 2002, p. 4). This fragmentation of security functions dramatically increases the likelihood of a breach because it means that the overall security apparatus is that much more porous, with adequate, lacking, or inconsistent oversight depending on particular Headquarters or field office.
To combat this phenomenon, the Webster Commission recommended that the Bureau establish an Office of Security tasked with, among other things, "consolidating security functions under a senior executive" in order to "prompt management to focus on security, resolve conflicts between operational and security objectives, and foster Headquarters and field coordination" (Webster, 2002, p. 4). The FBI did not establish an Office of Security, which would have meant a high-level office reporting directly to the deputy director, but rather in 2005 established the National Security Branch, a lower-level division responsible for Counterterrorism, Counterintelligence, Intelligence, and Weapons of Mass Destruction (Holder, 2011, & FBI, 2012). Even with the consolidation of these security-related functions under one Branch, the FBI's security functions still remain fragmented and ultimately lacking. For example, while Counterintelligence and Intelligence are both divisions of the National Security Branch, a Security Division still remains under the control of the Associate Deputy Director. Furthermore, the Bureau still lacks one of the most important assets recommended by the Webster Commission: a unit dedicated to information system security, clearly an important aspect of overall security considering that much of Hanssen's success depended on being able to use the FBI's automated databases without fear of being flagged for suspicious behavior, or even identified at all (Webster, 2002, p. 4).
Just as the FBI's security issues prior to Hanssen's arrest were microcosmic of the larger problems facing the Intelligence Community prior to the attacks of September 2001, so too is the FBI's failure to institute necessary reforms while exacerbating existing problems microcosmic of the difficulties facing the Intelligence Community in its attempts to institute the intelligence reforms passed in the wake of 9/11. Though the FBI's National Security Branch was born out of a presidential directive and the Office of the Director of National Intelligence out of an act of Congress, both organizations represent attempts to fix security and intelligence
Target's Data Breach affected over 80 million customers (Bayuk, 2010). However, it is probable that more people might have been affected. Certain client information, besides the payment card data, was stolen during the breach. The company has confirmed that information regarding customers was taken from systems beyond point of sale. This means that customers who made online purchases or those who emailed the company were affected. In this case, the point of sale systems used by customers to swipe their credit cards are linked to the company's network, like everything else. However, the existing evidence is based on correlational expert reports. It does not show the opportunities enabling hackers to compromise people via point of sale machines and connect to the company network. These customers will now receive emails that closely resemble emails from Target Company or emails from a bank that will ask customers to key in their…
Bayuk, J.L. (2010). CyberForensics: Understanding information security investigations. New York: Humana Press.
Tehan, R. (2008). Data security breaches: Context and incident summaries. New York: Novinkna Books.
Boyda, D. & Crawfordb, K. (2012). CRITICAL QUESTIONS FOR BIG DATA: Information, Communication & Society, 15:5, 662-679, DOI:10.1080/1369118X.2012.678878. Retrieved from http://dx.doi.org/10.1080/1369118X.2012.678878
American Express and Data Theft Risk
In March 2016, American Express admitted that customer data was stolen from the company in 2013 in a letter to the California Attorney General (Condliffe, 2016). As a credit card company, AMEX works with a large number of merchants, and the data breach came on the merchant end and the affected customers were notified as soon as was possible. However, this incident provides a learning experience, and the key problem now is how Amex can learn from this experience going forward with respect to how it handles such third-party data breaches in the future. This one particular incident is not the problem, but it highlights a broad category of problems -- credit card fraud and cybercrime -- that cost the industry billions of dollars every year. Managing this better than competitors will be a boon to consumer confidence in the American Express…
American Express Form 10K for 2015. Retrieved March 19, 2016 from http://ir.americanexpress.com/Cache/1500081626.PDF?O=PDF&T=&Y=&D=&FID=1500081626&iid=102700
Barker, K., D'Amato, J. & Sheridon, P. (2008). Credit card fraud: Awareness and prevention. Journal of Financial Crime. Vol. 15 (4) 398-410.
Condliffe, J. (2016). American Express admits to theft of customer data three years late. Gizmodo. Retrieved March 19, 2016 from http://gizmodo.com/american-express-admits-to-theft-of-customer-data-three-1765441909
Papadimitrou, O. (2016). Market share by credit card network. CardHub. Retrieved March 19, 2016 from http://www.cardhub.com/edu/market-share-by-credit-card-network/
No, Visa certainly is not being overly cautious in its fortification of its data center. Security breaches are certainly on the rise and becoming more commonplace each and every day. Moreover, when one considers the sheer number of transactional events which Visa is processing every day (let alone the statistics denoting the number of transactions it is accounting for each second) (YOUR BOOK PAGE NUMBER), it becomes clear that the likelihood of it encountering some fraudulent attempt or breach is greater than that of other financial institutions. In this case, it would be foolish to opine that the company is being overly cautious. Rather, it is simply preparing itself for the realities of today's financial industry.
This level of management controls is necessary because of all the various threats financial entities are prone to in contemporary times. These include ransomware (Harper), malware, any other number…
For a criminal investigator, analyzing key evidence is an important part in being able to establish a pattern of behavior for the suspect. The film Breach discusses the Robert Hanssen case and its long-term impacts on U.S. national security. To fully understand how criminal investigators were able to catch him requires carefully examining the film. This will be accomplished by focusing on: the facts of the case, the parties involved, the victim's information, the suspects, the evidence, investigative mistakes, procedural errors, interview mistakes and the life of Robert Hanssen. Together, these different elements will highlight how a series of critical blunders led to one of the largest national security breaches in U.S. history.
The Facts of the Case
In the film, Eric O'Neill is assigned to work undercover as a clerk for Robert Hanssen. Set in the late 1990s, O'Neill's job is to keep an eye on…
Breach. (2010). IMDB. Retrieved from: http://www.imdb.com/title/tt0401997/synopsis
Barkin, S. (2011). Fundamentals of Criminal Justice. Sudbury, MA: Jones and Bartlett.
Personnel and Operations
Today, data centers are a vital part of business, especially when significant growth is experienced. A data center provides a way for businesses to keep track of both the history of operations and the planning process that occurs as a result. Depending on the size and presence of a particular business, data centers can take either a virtual or physical form. Data centers can occupy a single room in a building belonging to the business or an entire building. For Night Owl Reading, a bookstore in New York City, NY, the data center location requirements will begin as a single adjacent room within the store. Personnel, schedule, and operational procedures will need to be thoroughly planned in order to make the data center a success.
Night Owl Reading is a bookshop that operates locally in the New York City area. Being relatively traditional, it only recently…
Kabay, M.E. (2003, May). Staffing the Data Center. Ubiquity. Retrieved from: http://ubiquity.acm.org/article.cfm?id=782794
Merkow, M.S. and Breithaupt, J. (2006). Information Security: Principles and Practices. Pearson Prentice Hall.
Sullivan, E. (2008, Nov.). Finding and Keeping Good Data Center Employees. FacilitiesNet. Retrieved from: http://www.facilitiesnet.com/outsourcing/article/Finding-and-Keeping-Good-Data-Center-Employees -- 10062
Health-Care Data at Euclid Hospital Security and Control: A White Paper
Protecting Health-Care Data
The efficiency of the modern healthcare system is increasingly becoming reliant on a computerized infrastructure. Open distributed information systems have been initiated to bring professionals together on a common platform throughout the world. It needs to be understood that easy and flexible methods of processing and communication of images, sound and texts will help in visualizing, and thereby curing, illnesses and diseases effectively. Another aspect is that the easy access and usage can risk patient privacy, accountability, and secrecy associated with the healthcare profession. Therefore, Information Technology (IT) must be able to focus mainly on improving the health of the patient and should not put the patient's health in danger. (IOS Press)
This implies that right data has to be made available to the right person at the right time. IT strongly affects the confidentiality…
A WWW implementation of National Recommendations for Protecting Electronic Health
Accessed 21 September, 2005
IOS Press. Retrieved from http://www.iospress.nl/loadtop/load.php?isbn=9051992661
risks associated with exchanging data with outside partners. The most significant risk is probably with respect to data security. A survey of people within the health care industry noted that within the industry there are a number of concerns expressed relating to security. These include the risks of exchanging data between health care providers and government (fear of government), storage in insecure databases (fear of technology), and patient registration on insecure websites (again, fear of technology). The problem is that the people expressing these fears are not IT professionals and do not actually understand the risks that they are afraid of. They fear that there is growing interest among thieves trying to steal personal health records. The market for social security numbers, Medicare or Medicaid numbers or other health numbers is driving these fears (Diana, 2014).
Basically, a major issue here is that health care providers do not trust their…
Diana, A. (2014). Obamacare vs. patient data security: Ponemon research. Information Week. Retrieved June 5, 2014 from http://www.informationweek.com/healthcare/security-and-privacy/obamacare-vs.-patient-data-security-ponemon-research/d/d-id/1127663
Englebardt, S.P., & Nelson, R. (2002). Health care informatics: An interdisciplinary approach. St. Louis, Mo: Mosby.
Groves, P., Kayyall, B., Knott, D. & Van Kuiken, S. (2013). The big data revolution in health care. McKinsey & Company. Retrieved June 5, 2014 from http://www.mckinsey.com/~/media/mckinsey/dotcom/client_service/healthcare%20systems%20and%20services/pdfs/the_big_data_revolution_in_healthcare.ashx
The benefits of real-time financial data analysis would therefore far outweigh the costs. Restructuring and redesigning the organization's IT department would be beneficial in other ways: forcing the introduction of new products, ideas, and processes. At the same time, increased revenues from the more robust data analysis system would more than make up for whatever costs were associated with implementing the new application. As with any new idea, costs associated with the adaptation of a new application would be incurred mainly at the beginning, as IT personnel would need to be trained for using the StreamBase.
Security might be one of the main problems associated with StreamBase. Would the streaming data be encrypted or otherwise protected from malicious users? The organization adapting to StreamBase would need to be sure that the analyses were not vulnerable to security breaches. Finally, just as with streaming multimedia content, streaming data and data analysis might be problematic and prone to caching problems. Possible glitches may be due to server speeds, client PC speeds, and the speed of data transmission. If the organization relied on its own intranet and had a backup system for streaming, then it might be possible to mitigate any problems associated with real-time financial data analysis.
Vaas, Lisa. "StreamBase 2.0 Targets Financials." eWeek. June 17, 2005. Retrieved Oct 18, 2008 at http://www.eweek.com/c/a/Database/StreamBase-20-Targets-Financials/1
The assessment of alert data is spot-on and very straightforward -- an excellent and succinct description of the help they can provide. The concept that a "more powerful program" is simply "more intelligent" is also well-put, and has some interesting implications. For computer programs such as these, knowledge truly is power; the ability to analyze and react to data after its collection is precisely what makes generative tools and alert data so useful and more powerful than other types of data. I'm a little unclear on what you mean about cyber crime, though there are certain implications here that are definitely worth exploring. The idea that enough aggregated data could be collected and analyzed to determine overall trends and procedures in cybercrime with something akin to meta-alert data is very intriguing.
The distinction you draw between alert data/IDS software and other types of network security monitoring programs and…
Miller Inc. is a company that wishes to develop a new and more efficient data repository for all data collected, stored, and transferred. Their desire to create a data warehouse that operates quickly with less effort is the purpose of this project. Adaptation of database modeling along with designing their data warehouse will lead to higher consumer and employee satisfaction. The project goal is to create a database schema to work as well be designed alongside other components such as identifying metadata in order to let IT model the data warehouse, implement and test it.
to identify and gather database requirements, design the dimensional model, develop the system architecture, design the relational database and online transactional processing model, develop the data maintenance application, develop analysis applications to test and deploy the system through a series of steps intended to reduce error rate. The types of applications for use will be…
Protecting Personal Data
Protection of personal data is paramount in any situation. Battered women receiving help in a shelter, part of a community clinic, require confidentiality to avoid problems should their abusers locate them. When computerizing an appointment system and records, sometimes such information can easily be taken if there is no protection available. Things like passwords and encryption help keep would-be criminals from accessing sensitive data. Although hackers may still access the data should they gain password information, adding those layers of protection safeguards sensitive data on most occasions. While not all negative situations can be avoided, extra precaution must be taken when attempting to protect personal data.
The stakeholders of this scenario are several. The first and most important are the battered women and children in the shelter. They are the ones that may be endangered should their information leak out. The second are the staff working…
The amassing of data has become an integral process of life in the 21st century (Nunan and Di Domenico, 2013, p. 2). This fact is partially reflected by the fact that in contemporary times, people are generating much more data than they previously did. Every time someone goes shopping and makes a purchase with a credit card, receives a call or sends a text message, or visits a web site on a computer or downloads information to a mobile phone application, they are generating data. This data is stored and, through sophisticated processes of analytics that involve data mining and even predictive capabilities, is analyzed to determine aspects of consumer, individual, and collective behavior. The generation of these massive quantities of data in the myriad forms such data takes at the rapidity of real-time access is known as big data, which government representatives claim they are analyzing to…
Byman, D., Wittes, B. (2014). Reforming the NSA. Foreign Affairs. 93(3), 127-138.
This source considers a number of possibilities for reforming the NSA which are viable in the wake of Snowden's security breach. It examines other countries' approaches to espionage as well. It provides an in-depth read into the considerations the NSA must make for securing the country.
Hackett, K. (2013). Edward Snowden: the new brand of whistle blower. Quill. 101(5), 26-31. This source examines the ramifications of the actions of whistle blowers, and attempts to deconstruct the privacy issues associated with security concerns in the U.S. It details the actions of Snowden.
Nunan, D., Di Domenico, M. (2013). Market research and the ethics of big data. International Journal of Market Research. 55(4), 2-13. This source considers the practice of amassing and analyzing big data largely from a marketing research perspective. It details the wide scope of data that is regularly stored and scrutinized regarding the lives of citizens.
Both types -- qualitative and quantitative -- have their advantages and disadvantages. One of the most well-known of the quantitative risk metrics is the one that deals with calculation of annual loss expectancy (ALE) (Bojanc & Jerman-Blazoc, 2008). ALE calculation determines the monetary loss associated with a single occurrence of the risk (popularly known as the single loss exposure (SLE)). The SLE is a monetary amount that is assigned to a single event that represents the amount that the organization will potentially lose when threatened. For intangible assets, this amount can be quite difficult to assess.
The SLE is calculated by multiplying the monetary value of the asset (AV) by the exposure factor (EF). The EF represents the percentage of loss that a threat can have on a particular asset. The equation is therefore: SLE = AV * EF. Applying this practically, if the AV of an e-commerce web server is $50,000 and a…
Bojanc, R. & Jerman-Blazoc, B. (2008), An economic modelling approach to information security risk management. International Journal of Information Management 28 (2008) 413 -- 422
Chowdhary, A., & Mezzeapelle, M.A. (n.d.) Information Security metrics. Hewlett Packard.
Pedro, G.L., & Ashutosh, S. (2010). An approach to quantitatively measure Information security 3rd India Software Engineering Conference, Mysore, 25-27
The defects will be the concern of the local manufacturer and not that of the business. This, again, will mean savings on waste, labor and shipping. As a desirable consequence, outsourcing will boost the host country's economic condition by providing affordable products to the citizens. This enhances consumer spending (Marie).
Outsourcing manufacturing, however, encourages dependence on the outsourcing partner (Marie, 2010). This is a disadvantage on the side of the contractor if the partner goes out of business. Fortunately, this can be offset if the parts for manufacturing are distributed to different contractors and all the elements sent to a final contractor to assemble the finished product. Cost and time are other disadvantages. Tests will require more time for fine tuning before distribution. These processes cannot be avoided. However, strategic planning with the right outsourcing partner may prevent or eliminate the risks of outsourcing manufacturing internationally (Marie).
Ethics and Social Responsibility…
Hill, C.W.L. (2007). Ethics in international business. Chapter 4. McGraw-Hill.
Retrieved on April 8, 2011 from http://www.highered.mcgraw-hill.com/sites.../Hill6e_1B_Sample_Chapter04.pdf
Jack, A. (2010). Focus shifts to the emerging economies. Financial Times: the Financial Times, Ltd. Retrieved on April 8, 2011 from http://www.ft.com/cms/s/0/84bb43c4-5649-27df-b835-00144feab49a.html#ax221Iuh75xBV
Joo, J.W. (2008). Pharmaceutical outsourcing: trading quality for lower costs. Health Reform Watch: Seton Hall University School of Law. Retrieved on April 8, 2011
4G LTE Encryption
When cellular phones first came out, the concerns about data loss and theft were not all that high. This was mostly because these devices functioned mostly (if not entirely) as phones with perhaps a camera phone here and there. Nowadays, however, cellular phones are often smartphones and they are literally small computers in terms of the data that they carry and the abilities that they have. Given that and the fact that tablets and other devices have entered the cellular signal fray, it is important to focus on the data security that these data devices have and whether that technology is being used in the way it could or should be and whether improvements are needed. While technology and encryption have come a long way, it is imperative that the envelope is pressed harder and harder every day so as to maintain (or create) privacy and safety…
Alam, M., Yang, D., Rodriguez, J., & Abd-Alhameed, R. (2014). Secure device-to-device
communication in LTE-A. IEEE Communications Magazine, 52(4), 66-73.
Huang, Y., Leu, F., You, I., Sun, Y., & Chu, C. (2014). A secure wireless communication system
integrating RSA, Diffie-Hellman PKDS, intelligent protection-key chains and a Data
In order to maintain information secrecy one would use cryptography. This is intentionally making information unintelligible. This method is mainly employed during the transmission of information. Cryptography ensures that only the intended person would be able to decipher the information (Whitman & Mattord, 2011, p. 339). The process of deciphering encrypted text is referred to as cryptanalysis. Cryptology is the mathematics branch covering cryptography and cryptanalysis. Cryptology has been in use since 1900 B.C. in Egyptian hieroglyphs. A Mesopotamian cryptography was discovered in 1500 B.C. that surpassed that of the Egyptians. The book of Jeremiah was written using alphabet substitution called ATBASH. Cryptography was employed during the First World War to decipher radio communication. Prisoners have also used cryptography to decipher their messages in order to protect their privacy. A key in cryptography is a parameter or piece of information that would determine the functional output for a…
Whitman, M., & Mattord, H. (2011). Principles of Information Security (4th ed.). Stamford, CT: Cengage Learning.
Lessons From Target Data Breach
There are several lessons learnt from this case. First, I have learnt that the experience of Target on its data breach continues to jeopardize the confidentiality of stored information and the market value of the firm. Therefore, the company deserves to invest much attention, especially in research. Worry of disclosure of credit card information, private details, and other IDs is often the reason why customers leave companies. After identification of breach, Target Company is compelled to pay court costs, charges and has to get into enhancing its data security. The traders lose assurance in the company and the eventual fall in market value. Many studies have been performed to assess the speculation as further explored in this study (Bayuk, 2010). The primary objective of this document is to evaluate the chance of forecast of a Target data violation and assess its effect on industry value…
Bayuk, J.L. (2010). CyberForensics: Understanding information security investigations. New York: Humana Press.
Grove, R.F. (2010). Web-based application development. Sudbury, Mass: Jones and Bartlett Publishers.
Peitz, M., & Waldfogel, J. (2012). The Oxford handbook of the digital economy. New York: Oxford University Press.
Infosecurity 2008 threat analysis: Your one-stop reference containing the most read topics in the infosecurity security library. (2008). Burlington, Mass: Syngress
Boss I think someone stole our customers
Flayton Electronics Case Study
Brett Flayton, CEO of Flayton Electronics, is facing the most critical crisis of his career when it is discovered that 1,500 of 10,000 transactions have been compromised through an unprotected wireless link in the real-time inventory management system. Brett has to evaluate his obligation to let customers know of the massive leak of private data, define a communication strategy that would notify customers across all states of the potential security breach, and also evaluate the extent to which the Flayton Electronics brand has been damaged in the security breach. In addition, steps that the company can take in the future to avert such a massive loss of customer data also need to be defined and implemented.
Assessing the Obligations to Customers vs. Keeping It Quiet
Ethically, Brett Flayton has a responsibility to tell the customers immediately of the security…
Aldhizer, George R., III, & Bowles, John R., Jr. (2011). Mitigating the growing threat to sensitive data: 21st century mobile devices. The CPA Journal, 81(5), 58-63.
Gatzlaff, K.M., & McCullough, K.A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), 61-83.
Gregory, A. (2008). Conserving customer value: Improving data security measures in business. Journal of Database Marketing & Customer Strategy Management, 15(4), 233-238.
Kelly, C. (2005). Data security: A new concern for PR practitioners. Public Relations Quarterly, 50(2), 25-26.
Cyber security, due primarily to globalization, has become a profound issue. With the advent of the internet, new threats to privacy and security have arisen. For one, threats have caused data breaches and loss of service for many internet providers. Recently, American banks have become targets of cyber attacks from unknown sources. In many instances, it is difficult to detect the whereabouts of a cyber attack. The anonymity of an attack makes this threat particularly appealing to third world and developed nations. Due primarily to their ability to go undetected, PII attacks have become very commonplace. PII, otherwise known as personally identifiable information, has a direct appeal to those who would like to do harm to developed countries. PII attacks are particularly profound as information including names, Social Security numbers and dates of birth, stored in the vendor's database, can be accessed by unauthorized users (Denning, 2008).
PII attacks are…
1) Denning, D.E. (2008). The ethics of cyber conflict. The Handbook of Information and Computer Ethics. 391 -- 429.
2) Gorman, Siobhan. (4 June 2010) WSJ: U.S. Backs Talks on Cyber Warfare. Online.wsj.com. Retrieved 2 November 2013.
3) Tom Gjelten (23 September 2010). "Seeing The Internet As An 'Information Weapon'." National Public Radio. Retrieved 23 September 2013
Chief Security Officer:
As the Chief Security Officer for a local University, my main role is establishing and maintaining an enterprise-wide information security program that helps to ensure all data and information assets are not compromised. This process involves developing a plan to conduct a security program that prevents computer crimes, establishes a procedure for investigation, and outlines laws that are applicable for potential offenders. To develop an effective plan, the process would involve identifying recent computer attacks or other offenses that have been carried out against higher educational institutions and processes established by these institutions to prevent the recurrence of the crimes. In addition, procedures, methodologies, and technologies that could be bought to lessen computer crime threats and effective laws for convicting offenders will also be examined. The other parts of the process include identifying computer crime fighting government programs and the types and costs of computer forensics…
"Data Security Breach at Ferris State University." (2013, August 16). Local. CBS Local Media.
Retrieved December 16, 2013, from http://detroit.cbslocal.com/2013/08/16/data-security-breach-at-ferris-state-university/
Easttom, C. & Taylor, J. (2011). Computer crime, investigation, and the law (1st ed.). Stamford,
CT: Cengage Learning.
Network Security Management
From the onset, it is important to note that for data to flow from one computer to another, such computers should be interconnected in what is referred to as a network. With such interconnectedness comes the risk of data interception and it is for this reason that network security is considered crucial.
In the recent past, the number of corporations that have experienced attacks on their computing resources has been on the increase. Outages in this case have ranged from denial-of-service attacks to viruses to other more sophisticated forms of attack. It is important to note that these attacks, which are rarely publicly acknowledged by the affected companies, are coming at a time when organizations are increasingly becoming dependent on information systems and networks to conduct their business. Today, business communications between an entity and the various groups of stakeholders, including but not limited to employees and customers,…
BBC. (2013). Sony Fined Over 'Preventable' PlayStation Data Hack. BBC. Retrieved from http://www.bbc.co.uk/news/technology-21160818
Canavan, J.E. (2001). Fundamentals of Network Security. Norwood, MA: Artech House.
Cole, E., Krutz, R.L. & Conley, J. (2005). Network Security Bible. Indianapolis, IN: John Wiley & Sons.
Finkle, J. & Hosenball, M. (2014). Exclusive: More Well-Known U.S. Retailers Victims of Cyber Attacks -- Sources. Reuters. Retrieved from http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112
Office of the National Coordinator (ONC) was created by George W. Bush in 2004 through an executive order and the congress mandated associated legislation. The ONC is an entity within the US Department of Health and Human Services. The main purpose of the ONC is basically to promote the national health information technology (HIT) infrastructure and oversee its development. In the context of the healthcare providers, the ONC is seen as a close associate to the nationwide push to have electronic health records to the patients in different hospitals all with the aim of curbing errors in the medical field and to do away with paper records.
The mission of the ONC is wide in scope and aimed at meeting the demands of HIT and includes coordination of policies, establishing governance for the eHealth Exchange, strategic planning for the adoption of the health IT as well as health information exchange…
Organizational change plan
Introducing electronic medical records (EMR)
Along with expanding health coverage to more Americans, one of the goals of recent federal policy has been the widespread adoption of electronic medical records (EMR) by healthcare providers across the nation. "The federal government began providing billions of dollars in incentives to push hospitals and physicians to use electronic medical and billing records" (Abelson, Creswell, & Palmer 2012). EMRs can be used by providers to gain swift access to comprehensive information about a patient's health history. Some patients forget their history of diagnoses or the medications they are on; sometimes patients must be treated when they are in a mental or physical state where they cannot be forthcoming with information and their friends and families are not nearby. Also, there is the problem of patients attempting to obtain more pharmaceuticals or drugs which they should not be taking. "Electronic…
Abelson, Reed, Julie Creswell, & Griff Palmer. (2012). Medicare bills rise as records turn electronic. The New York Times. Retrieved:
Change theory by Kurt Lewin. (2012). Current Nursing. Retrieved:
However, nothing can be done until the malware actually occurs. With all the different viruses, worms and Trojans, how can security managers possibly predict what malware will occur next? In contrast, a behavioral rule defines legitimate activity in a system. Any activity not matching the profile will cause the security product to be triggered. As rules are not specific to a particular type of attack, they can block malicious behavior without having to recognize the precise attack used. Thus, there is additional protection against new attacks as they emerge. A rule can effectively prevent any unauthorized applications, including malicious code and Trojans, from running. Or it could protect a webserver by making it impossible for anyone to access the webserver to change the files, limiting the risk of a hack (Franklin, 2002).
However, the dilemma is how many rules the system should have. The security manager must decide between an effective…
Bowyer, K.W. (2003). "Living responsibly in a computerized world." Ethics and Computing. New York: IEEE press.
Control Guard. http://www.controlguard.com/index.asp
Franklin, I. (November 26, 2002) "Entercept Security Technologies: Rules or signatures?
The best method of prevention." Toolbox. Retrieved from website September 16,
Global Payments Hack
With the new advancements of technology come the many risks and dangers it also carries along. The evolution of the internet and connect-ability technology has brought everyone closer and has nearly eliminated many communication barriers that have been present throughout recorded history. These new advances have also accompanied a rise in cyber criminals, wishing to invade a person's or business' digital information. The purpose of this essay is to examine computer hacking and hacking processes that pose risks and dangers to society. The essay will use the company Global Payments as an example of how a hacking problem affects many and highlights the dangers involved in our digital world.
This essay will view Global Payments and their hacking problem from a third party accounting system point-of-view. The company's security assessment will be analyzed and different software issues will be discussed. Finally the essay will conclude by offering…
Dignan, L. (2012). Cost of Global Payments hack likely manageable. CNet, 1 April, 2013. Retrieved from http://news.cnet.com/8301-1009_3-57407787-83/cost-of-global-payments-hack-likely-manageable/
Dubois, S. (2011). What it actually takes to prevent a hack attack. CNN, 11 July 2011. Retrieved from http://management.fortune.cnn.com/2011/07/11/what-it-actually-takes-to-prevent-a-hack-attack/
Global Payments Website. Viewed 1 May 2013. Retrieved from http://www.globalpaymentsinc.com/USA/productsServices/index.html
Kitten, T. (2013). Global Closes Breach Investigation. Bank Info Security, 15 April 2013. Retrieved from http://www.bankinfosecurity.com/global-closes-breach-investigation-a-5684
Why/How to create an Information Assurance
Just as the availability of and access to information is significant in every company or business outfit, certain concerns always come to the fore: What kind of information is to be made available? How is the information going to be organized? How will it be possible to ensure that the information released represents the judgment of the management of the company and gives assurance that the very information required is available?
This document contains the solutions to the concerns mentioned above; an Information Assurance Program is necessary in every organization. This project explains why an information assurance program is needed in every viable company and also explores ways it can be effected, integrated into the organization and organized. The program encompasses different models which span from finding the reason why such a program is needed to analyzing whether the finding is practicable. This takes…
Harwood, I.A. (2006). Confidentiality constraints within mergers and acquisitions: gaining insights through a 'bubble' metaphor, British Journal of Management, Vol. 17, Issue 4., 347 -- 359.
Parker, Donn B. (2002). "Toward a New Framework for Information Security." New York, NY: John Wiley & Sons. ISBN 0471412589.
Elsayed, E. (1996) Reliability Engineering, Addison Wesley, Reading, California: USA.
ISACA (2006). CISA Review Manual 2006. Information Systems Audit and Control Association. pp. 85. ISBN 1-933284-15-3.
Risk Management Plan Due Week 4 worth 240 points Note: The assignments a series papers-based case, located Student Center shell. The assignments dependent . In assignment, create a risk management plan.
Scope and objectives of risk process
The project consists of fixing the firm's data security weakness and brand restoration. Brand restoration would ensure that the company is able to demonstrate to its customers that it is able to move past the data breach event. Brand restoration would also allow the company to continue competing without losing its customers. Fixing the weaknesses in its data security gives the company the opportunity to improve on its security measures. The company would also use this aim in strengthening its systems and implementing strict guidelines in regards to data security. The scope of the project would require the company to communicate to its customers about the data breach (Rosenbaum & Culshaw, 2003).…
Hillson, D., & Simon, P. (2012). Practical Project Risk Management: The ATOM Methodology, Second Edition. Vienna, VA: Management Concepts Incorporated.
Rainer, R.K., Jr., Snyder, C.A., & Houston, H.C. (1991). Risk Analysis for Information Technology. Journal of Management Information Systems, 8(1), 129-147. doi: 10.2307/40397977
Rosenbaum, M.S., & Culshaw, M.G. (2003). Communicating the Risks Arising from Geohazards. Journal of the Royal Statistical Society. Series A (Statistics in Society), 166(2), 261-270. doi: 10.2307/3559666
Stephenson, G. (2001). Risk Management Plan: Bechtel Nevada Corporation (U.S.).
Examples of 'red flag' usage include logging in during odd hours (over the weekend and in the middle of the night) or unusual activity not typical of specific users. Cloud computing can also lessen the risks by making it more difficult to actively 'transport' data away from secure premises. "According to an HHS database, more than 40% of medical data breaches in the past two and a half years involved portable media devices such as laptops or hard drives" (Schultz 2012)
Q3. How can we minimize injury and harm after such incidents occur?
First and foremost, it is important to inform the affected patients of the nature and extent of the security breach. Patients can take action by putting a credit freeze on their accounts, if they are at risk for identity theft. Offering patients free credit protection might be one way to reduce anger and concern. Passwords must be…
Schultz, D. (2012). As patients' records go digital, theft and hacking problems grow
Kaiser Permanente Health News. Retrieved: http://www.kaiserhealthnews.org/Stories/2012/June/04/electronic-health-records-theft-hacking.aspx
Part 2 - Reflective Diary
The security of customers' data is very critical in the contemporary business environment because of the increase in data breaches that could make organizations face bad publicity within and outside the United States. Essentially, organizations are required to secure employees' and customers' data to enhance Pretty Good Privacy (PGP) within the IT environment. One of the strategies to enhance customers' privacy is to implement data encryption. Encryption is a strategy of encoding a data file so that only authorized users have access to a secret "key" in order to read the data. The major impact of encryption is that it will prevent unauthorized access to organizational data, which will consequently enhance data protection and privacy. Moreover, securing information will bring the organization in line with the IT ethical standard, which will consequently enhance the organization's public image.
Despite the security platform implemented by…
McEvoy, S.A. (2002). Email and Internet Monitoring and the Workplace: Do Employee has the Right to Privacy. Communication and Law.
Miller, A.R. & Tucker, C.E. (2011). Encryption and the Loss of Patient Data. Journal of Policy Analysis and Management, 30(3): 534-556.
Lugaresi, N. (2010). Electronic Privacy in the Workplace: Transparency and Responsibility. International Review of Law, Computers & Technology. 24(2): 163-173.
These kinds of compulsive behaviors are observed on a daily basis. The authors highlight that an acceptable use policy is imposed on students in academic institutions and that, on a daily basis, students work against the policy without regard for the restrictions it places. According to the policy, computers within the universities can be used for academic purposes only. The policy states that computers in an academic environment should not be used for online sharing, downloading, social networking and gaming (Nykodym, Ariss, & Kurtz, 2008, p. 7). But in the campuses and academic institutions, it is seen that the students usually sit in for social networking and gaming. From this it can be seen that either the students don't want to follow the policies or they don't want to understand the restrictions placed in the policies.
The authors have highlighted that…
Nykodym, N., Ariss, S., & Kurtz, K. (2008). Computer Addiction and Cyber Crime. Journal of Leadership, Accountability and Ethics .
Poulsen, K. (2011). Kingpin: how one hacker took over the billion-dollar cybercrime underground. Crown Publishing Group.
Roberts, K. (2010). Cyber Junkie: Escape the Gaming and Internet Trap. Hazelden Publishing.
Ross, A.J. (2008). How to Hug a Porcupine: Negotiating the Prickly Points of the Tween Years. McGraw-Hill Professional.
Unauthorized Information Systems Access
Scan the Internet for articles or evidence of Bank of America being a victim of hacking. Based on the results of your search, if the bank has been hacked, assess the circumstances around the hacking and the resulting impact to the bank's customers and operations. If the bank has not reported hacking incidents, assess the most likely security measures that the bank has implemented to protect the business from hackers.
Bank of America has experienced many data breaches in the past, yet the most troublesome are the ones where customers' data is stolen and immediately resold on the black market by employees. There are also those instances where employees and subcontractors gain unauthorized access to ATMs and steal money. These are two of the recent incidences of how the Bank of America security systems and processes have been hacked by employees and those operating in the…
Adams, J. (2011). Bank of America copes with two alleged insider breaches. Cardline, 11(22), 4.
Coppotelli, D.J. (1982). Information security strategy. Security Management, 26(5), 86-86.
Hulme, T. (2012). Information governance: Sharing the IBM approach. Business Information Review, 29(2), 99-104.
Twum, F., & Ahenkora, K. (2012). Internet banking security strategy: Securing customer trust. Journal of Management and Strategy, 3(4), 78-n/a.
0 technologies (O'Reilly, 2006) and social networking (Bernoff, Li, 2008). Countering the growth projections is the economic recession which positions the market for -1% revenue growth in 2010 rebounding in 2001.
[Figure 1: Software-as-a-Service Revenue Growth & Forecast (2009 -- 2014). Axis: Revenue, $ Million]
Implications of SaaS Adoption & Growth for Business & Organizational Models
As the economics of information technologies is being reordered due to the exceptionally fast growth of SaaS-based development platforms and applications, the implications for businesses and organizations are strategic. Most fundamental is the availability of enterprise-level applications which can be paid for using Operating Expense (OPEX) accounting principles, no longer requiring Capital Equipment expenditures, sometimes called CAPEX. This has taken the power of information technologies and applications out of the hands of the CIO and given it to…
All of these factors of growth, however, need to be tempered with the fact that there is significant aversion to risk on the part of CIOs as they see SaaS as too risky to put their enterprise-wide, often customer-centric data on. What makes security such a concern for CIOs is that SaaS is a very powerful political undercurrent that in many cases is making their roles all the more challenging. SaaS has had widespread reliability problems, some of them so great that salesforce.com took the exceptionally open step of creating a website called trust.salesforce.com, as CEO Marc Benioff believes that trust is so important for his firm's platform that reliability must be regularly communicated. Yet the factors that led to the lack of reliability are what have CIOs and even some CEOs nervous about SaaS. What Salesforce.com was facing was a lack of scalability in their servers and also a lack of scalability for the multi-tenant SaaS architecture they had installed in 2003. Their reliability issues began in 2005 and eventually were minimized through the use of server virtualization and optimization of the core applications. Twitter, a social networking application, is single-tenant today and crashes periodically. Clearly as a SaaS platform Twitter must go multi-tenant by design to alleviate this reliability issue.
All of these issues of scalability, repeatability of processes and stability of the SaaS platform have critics of the platform commenting that it is only a matter of time until there is a widespread data breach. In fact SaaS-based applications at Salesforce.com have never been breached.
The U.S. and global governments continue to evaluate
As all these challenges pervaded not only ChoicePoint but all the companies comprising the industry, privacy advocates began to dissect the processes, systems and approaches that data providers were using to collect, analyze and sell information. What they found quickly became the foundation for congressional attention and focus on imposing heavy regulations on an industry that was suffering from a lack of process integration and no oversight or governance in place within any of the organizations. ChoicePoint had in effect become the poster child of the entire personal data industry due to the many lapses it has experienced in protecting consumers' data. The many scenarios mentioned in the case study of criminals posing as small businesses to gain access to its databases reflect a pervasive problem across the entire industry, and a further catalyst of legal and regulatory oversight of the industry.
Dissecting the processes, systems and techniques…
A. Baldwin, Y. Beres, S. Shiu. (2007). Using assurance models to aid the risk and governance life cycle. BT Technology Journal, 25(1), 128-140. Retrieved August 5, 2008, from ABI/INFORM Global database. (Document ID: 1238704541).
Jason Bellone, Segolene de Basquiat, Juan Rodriguez. 2008. Reaching escape velocity: A practiced approach to information security management system implementation. Information Management & Computer Security 16, no. 1 (January 1): 49-57. www.proquest.com (Accessed August 7, 2008).
Joel Brenner 2007. ISO 27001: RISK Management and COMPLIANCE. Risk Management 54, no. 1 (January 1): 24-26,28-29. www.proquest.com. (Accessed August 7, 2008).
functions of an information system. List and describe three types of enterprise systems.
The four basic functions of an information system are gathering data, storing data, processing that data into information, and outputting the information (O'Leary & O'Leary, 2008). The system has to be able to collect data, or have the data placed into it, or it does not have anything with which it can work and with which it can provide output information after an analysis takes place. Storing data is a big part of what an information system does, because the data is important and must not be lost. A system that could not store data would not be valuable to a company for collection and retention of data (O'Leary & O'Leary, 2008). Once the data has been collected and stored, it can then be analyzed in order to draw conclusions from it based on the type of…
The four main points of IT strategic plans are the mission statement, the SWOT analysis, the list of actions to be prioritized, and the "road maps" that are used to examine and readjust the strategic plan in the future (Bradford & Duncan, 2000). The mission statement is a very important part of the plan, because it is the basic definition of what the company stands for and where it is headed in the future. Without it, IT cannot plan for continued structure and development, which can cause the company to stagnate (Bradford & Duncan, 2000). The SWOT analysis comes next, and addresses the strengths, weaknesses, opportunities, and threats that are being faced by the IT department of the company. These can include both internal and external issues, both of which have to be dealt with correctly in order to allow the company to continue to see success (Bradford & Duncan, 2000). Because IT is such an important part of companies today, what happens in that department affects nearly everything else that takes place within the company.
Prioritizing the actions needed is next on the list when it comes to IT strategic planning. There is no need to work on something just for the sake of working, when there are more important issues to be faced (Bradford & Duncan, 2000). Prioritizing everything means that the IT department will be focused on the most important issues first, so that the concerns that really need to be addressed do not languish. Finally, road maps are required so that the company can see where it intends to have its IT department at specific intervals in the future. These are usually at the one, two, and three-year marks, but they can be placed at other intervals, as well (Bradford & Duncan, 2000). There is no specific rule for when they need to be seen, and every company is different.
Bradford, R.W. & Duncan, J.P. (2000). Simplified strategic planning. NY: Chandler House.
Securing the Electronic Frontier
The paradox of how to secure individuals and organizations' right to access the Internet vs. securing personal and corporate data and identities is a particularly complex and challenging issue. The ethicacy of this paradox is most present in the differences between encryption and Pretty Good Privacy (PGP). Too open of standards and governance policies on these areas will often lead to large scale data breaches, as many organizations presume they have greater security over their data than is actually the case (Mikko, 2010). When security guidelines and initiatives are too restrictive, organizations cannot accomplish their objectives either. Making this paradox complex is the ethicacy of asking people and organizations for passwords and access to their accounts (Spinello, 2004). The ethics of trespass vs. legitimate access becomes all the more critical when the complexity, pace and severity of computer fraud perpetrated by globally-based gangs that are well-financed…
Hypponen, Mikko. (2010). Fighting Viruses Defending the Net. Retrieved on June 16, 2012 at http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html
Miller, A.R., & Tucker, C.E. (2011). Encryption and the loss of patient data. Journal Of policy analysis & management, 30(3), 534-556.
Spinello, R.A. (2011). Cyberethics - Morality and Law in Cyberspace (4th ed.). Sudbury, MA: Jones and Bartlett Learning. Chapter 6
Spinello, R.A. (2004). Reading in Cyber ethics (2nd ed.). (4th ed.). Sudbury, MA: Jones and Bartlett Learning. Chapter 5
Technology & Logistics
The author of this report has been asked to answer a fairly general but intriguing question. That question asks the author of this report to define how technology can improve the management of global logistics. Of course, technology can be used to improve logistics in any number of ways. However, the author of this report will center on a few in particular. Indeed, barcodes, networking technology, wireless technology and voice recognition technology are just a few of the ways in which technology can be used and leveraged to achieve more efficient and error-free logistical performance. While this technology can be daunting and complex, the results garnered from using it effectively are obvious and easy to see.
One example of how technology can aid logistics is through "hidden" barcodes. Most everyone is familiar with the UPC codes used in retail stores to tie an…
Albright, B. (2002). New technology reads 'hidden' bar codes. Frontline Solutions,
Cross, C.S., (2007). Everything but the kitchen. Industrial Engineer, Norcross, 39(4),
To offer an information security awareness training curriculum framework to promote consistency across government (15).
Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not about training but rather designed to change employee behavior" (105).
A program concerning security awareness should work in conjunction with the information technology software and hardware JCS utilizes. In this way, it mitigates the risks and threats to the organization. Security awareness is a defensive layer to the information system's overall security structure. Although not a training program, per se, security awareness does provide education to the end users at JCS, regarding the information security threats the organization faces,…
"An Introduction to Computer Security: The NIST Handbook." National Institute of Standards and Technology, SP 800-12, (Oct 1995). Web. 24 Oct 2010.
Anti-virus Guidelines. The SANS Institute, 2006. Web. 24 Oct, 2010.
Culnan, M., Foxman, E., & Ray, A. "Why IT Executives Should Help Employees Secure their Home Computers." MIS Quarterly Executive 7.1 (2008): 49-56. Print.
Desktop Security Policies. The SANS Institute, 2006. Web. 24 Oct, 2010.
Workarounds in Healthcare Facilities
Workarounds refer to the alternative methods "of accomplishing an activity when the usual system / process is not working well" (Pennsylvania Patient Safety Advisory, 2013). In as much as workarounds may temporarily solve existing problems, they also indicate inefficiencies and deficiencies in the current system. Workarounds may at times be effective and more convenient, compared to the system in existence, but a regular use of the same could endanger both the safety of patients and the facility's reputation. A workaround can, therefore, be termed as an at-risk behavior that does not yield concrete long-term solutions to existing problems. Therefore, "workarounds perceived as necessary by the user for patient care, efficiency or safety, may be beneficial, neutral, or dangerous for patients' safety" (Koppel, Wetterneck, Telles & Karsh, 2008, p. 1).
A description of Workarounds in a Selected Facility
Workarounds can take a variety of forms. For instance,…
Flanagan, M.E., Saleem, J. J., Millitello, L.G., Russ, A.L. & Doebbeling, B.N. (2013). Paper- and Computer-Based Workarounds to Electronic Health Record Use at Three Benchmark Institutions. Journal of the American Medical Informatics Association, 20(e1): e59-66.
Intel (2013). Workarounds in Healthcare, a Risky Trend. Retrieved from http://www.intel.com/content/www/us/en/healthcare-it/workarounds-in-healthcare-risky-trend.html
Koppel, R., Wetterneck, T., Telles, J.L. & Karsh, B. (2008). Workarounds to Barcode Medication Administration Systems: Their Occurrences, Causes, and Threats to Patient Safety. Journal of the American Medical Informatics Association, 15(4), 408-423.
Merrill, M. (2009). Using Pen and Paper Workarounds Could Boost EMR Efficiency. Retrieved from http://www.healthcareitnews.com/news/using-pen-and-paper-workarounds-could-boost-emr-efficiency
Privacy and security are a major concern for any person in the technological era that we are living in today. Everything today revolves around technology in some aspect. Our academic careers, professional lives and even personal lives are affected by technology. Because of social media, people are likely to put very personal details and images on the World Wide Web. When people are not reluctant about uploading their personal information online, they also wouldn't have any problem uploading their financial and company relations.
Social media websites like LinkedIn, Facebook and Twitter are affecting the way people interact with each other on the global scale. They are also affecting the way companies brand, advertise and even distribute their products (Edosomwan et al., 2011). It has been stated that the majority of companies and corporations are receptive to online collaboration tools and social media. Nonetheless, when it comes to information technology, there…
Colombe, J., & Stephens, G. (2004). Statistical profiling and visualization for detection of malicious insider attacks on computer networks, 138 -- 142.
Cloudsecurityalliance.org. (2011). Top threats to cloud computing: cloud security alliance. [online] Retrieved from: https://cloudsecurityalliance.org/research/top-threats [Accessed: 10 Aug 2014].
Edosomwan, S., Prakasan, S., Kouame, D., Watson, J., & Seymour, T. (2011). The history of social media and its impact on business. Journal Of Applied Management And Entrepreneurship, 16(3), 79 -- 91.
Ho, P., Tapolcai, J., & Mouftah, H. (2004). On achieving optimal survivable routing for shared protection in survivable next-generation internet. Reliability, IEEE Transactions On, 53(2), 216 -- 225.
Mitigating Risk for Information Technology
The risk management plan to deal with the situation for this particular assignment is two-fold in nature. Specifically, it is designed to account for the external breach of the company based on its information technology security. Additionally, it must encompass critical facets of data governance which can rectify the weak access-control policies that were taken advantage of for an internal breach. As such, the risk-management policy will address both of these issues holistically through a comprehensive approach that considers data management and data governance in a way that encompasses security measures. The resulting governance mechanisms that are advocated as part of this policy should unequivocally reduce the risk of data breaches, both internally and externally.
It is important to understand just how effective data governance can ameliorate the two security issues described in this assignment prior to formalizing it as part of this risk-management policy.…
Harper, J. (2014). (Big) data governance for cloud deployments. www.dataversity.net Retrieved from http://www.dataversity.net/big-data-governance-cloud-deployments/
Harper, J. (2013). Walk softly: why non-invasive data governance wins. www.dataversity.net Retrieved from http://www.dataversity.net/walk-softly-why-non-invasive-data-governance-wins/
Progress Due Week 9 worth 200 points Note: The assignments a series papers-based case, located Student Center shell. The assignments dependent . During project life cycle, project risk reviews reports required previously identified risk
Impact of events on the project
The top two threats that had been identified, destruction of company reputation and loss of customers, have occurred. These threats had been established as having a high impact on the company, and their occurrence has greatly affected the company. The company relied heavily on its reputation, and having this destroyed has resulted in loss of business. The company is suffering as its good name has been affected and customers are not trusting of the company. Overall sales have been affected as customers are not visiting the stores, and the few that are have reservations about their purchases. Customers are wary of losing their personal data Jane E.J. Ebert, Daniel…
Hillson, D., & Simon, P. (2012). Practical Project Risk Management: The ATOM Methodology, Second Edition. Vienna, VA: Management Concepts Incorporated.
Iversen, J.H., Mathiassen, L., & Nielsen, P.A. (2004). Managing Risk in Software Process Improvement: An Action Research Approach. MIS Quarterly, 28(3), 395-433. doi: 10.2307/25148645
Jane E.J. Ebert, Daniel T. Gilbert, & Timothy D. Wilson. (2009). Forecasting and Backcasting: Predicting the Impact of Events on the Future. Journal of consumer research, 36(3), 353-366. doi: 10.1086/598793
Lee, J.S., Keil, M., & Kasi, V. (2012). The Effect of an Initial Budget and Schedule Goal on Software Project Escalation. Journal of Management Information Systems, 29(1), 53-77. doi: 10.2307/41713870
Managers at businesses and organizations all over the United States collect and store information. It can be with tangible documents via filing cabinets, or digitally via networked servers. They may even rent "cloud" space to safeguard and keep vast volumes of personal information. Despite the growing occurrence of data breaches affecting private, public, and nonprofit organizations, the majority of organizations and businesses admit knowing too little concerning the consequences and risks of failing to sufficiently safeguard personal information collected from volunteers, employees, donors, and clients. The news has shown companies like Sony, Kmart, and Dairy Queen that have leaked sensitive information like credit card numbers and home addresses (MONEY.com, 2014). The question is: should organizations and businesses like these be held liable for damages from the compromise of leaked sensitive data? The answer is yes.
People are convinced by businesses and organizations to hand over sensitive information. They put…
Axelrod, C., Bayuk, J., & Schutzer, D. (2009). Enterprise information security and privacy. Boston: Artech House.
Lindsay, D. (2014). The 'Right to be Forgotten' by Search Engines under Data Privacy Law: A Legal Analysis of the Costeja Ruling. Journal Of Media Law, 159. Retrieved from http://www.tandfonline.com/doi/abs/10.5235/175776184.108.40.206?journalCode=rjml20
MacKinnon, L. (2012). Data security and security data. Berlin: Springer.
MONEY.com,. (2014). Data Breach Tracker: All the Major Companies That Have Been Hacked. Retrieved 27 November 2015, from http://time.com/money/3528487/data-breach-identity-theft-jp-morgan-kmart-staples/
Risk, Risk Management Strategies, and Benefits in Cloud Computing
SERVICE AND DEPLOYMENT MODELS
BENEFITS OF CLOUD COMPUTING
CLOUD COMPUTING RISKS
RISK MANAGEMENT STRATEGIES
Centralized Information Governance
Other Organization-Level Measures
Individual-Level Security Measures
Cloud computing model
Cloud computing service and deployment models
ISO/IEC broad categories
The emergence of cloud computing has tremendously transformed the world of computing. Today, individuals, organizations, and government agencies can access computing resources provided by a vendor on an on-demand basis. This provides convenience, flexibility, and substantial cost savings. It also provides a more efficient way of planning disaster recovery and overcoming fluctuations in the demand for computing resources. In spite of the benefits it offers, cloud computing presents significant security concerns, which users must clearly understand and address with strong measures. Users are particularly…
Abiodun, A. (2013). A framework for implementation of risk management system in third party managed cloud. Journal of Information Technology & Economic Development, 4(2), 19-30.
Ahmed, N., & Abraham, A. (2013). Modeling security risk factors in a cloud computing environment. Journal of Information Assurance and Security, 8, 279-289.
Alali, F., & Yeh, C. (2012). Cloud computing: overview and risk analysis. Journal of Information Systems, 26(2), 13-33.
Alijani, G., Fulk, H., Omar, A., & Tulsi, R. (2014). Cloud computing effects on small business. Entrepreneurial Executive, 19, 35-45.
Cybersecurity has emerged as one of the important components of modern security initiatives because of rapid advancements of technology and the Internet. Ensuring cybersecurity has become important because of the vulnerabilities of critical infrastructures to cyber attacks in the aftermath of the 9/11 terror attacks. As part of efforts to enhance cybersecurity, federal and state governments in the United States have enacted laws that define the role of various stakeholders in protecting the nation's critical infrastructures. These laws govern the responsibilities of companies and organizations in protecting themselves and customers. In addition, these regulations have some costs associated with them given that enhancing cybersecurity is a relatively complex process.
Organizations' Role in Protecting Themselves and Customers
As cyber attacks have continued to increase in the recent past, the federal government has enacted laws and policies to govern the role of organizations in protecting themselves and customers. Based on the…
Aspen Publishers. (2015, January). President Obama Signs Cybersecurity Executive Order. The Computer & Internet Lawyer, 32(1), 24. Retrieved from http://go.galegroup.com/ps/i.do?p=AONE&sw=w&u=18551_mcpls&v=2.1&id=GALE%7CA394183506&it=r&asid=5cc81d8f040ed73e605ae170f9d004c1
Heilbrun, M.R. & Brown, I. (2011, December). Cybersecurity Policy and Legislation in the 112th Congress. Intellectual Property & Technology Law Journal, 23(12), 24. Retrieved from http://go.galegroup.com/ps/i.do?p=AONE&sw=w&u=18551_mcpls&v=2.1&id=GALE%7CA273587143&it=r&asid=ceebf07425038136e6c561f5eaf0f61d
Schwalb, M. (2006). Exploit Derivatives & National Security. Yale Journal of Law & Technology, 9, 162. Retrieved from http://go.galegroup.com/ps/i.do?p=AONE&sw=w&u=18551_mcpls&v=2.1&id=GALE%7CA182035194&it=r&asid=bdba2800f5f791182662e8f9083e0333
Risk Analysis and the Security Survey
The following risk analysis and security survey report will be centered on the hospital as an organization. Vulnerabilities can be classified as crime opportunities, opportunities for breaking rules and regulations, opportunities for profiting and also for loss. By definition, vulnerability can be a gap or a weakness inside a security program that might be exploited by opponents to acquire unlawful access. Vulnerabilities include procedural, human, structural, electronic as well as other elements that offer opportunities to damage assets (Vellani and Owles, 2007).
A vulnerability assessment can be classified as a systematic method utilized to evaluate an organization's security position, assess the efficiency of current security infrastructure, as well as, recognize security limitations. The basic approach of a Vulnerability Assessment (VA) first measures what precise assets require protection. Subsequently, VA recognizes the protection measures previously being used to protect those assets, as well as what…
Brandon Region Hospital. (2012). Evacuation plan.
Brandon Region Hospital. (2012). Risk management plan.
Chung, S., & Shannon, M. (2005). Hospital planning for acts of terrorism and other public health emergencies involving children. Archives of disease in childhood, 90(12), 1300-1307.
Code Green Networks. (2009). Protecting Healthcare Organizations from Patient Data Loss. Retrieved from: www.codegreennetworks.com/resources/downloads/wp_patient_dlp.pdf
Target 10-K Analysis
The author of this report has been charged with the task of analyzing the most recent 10-K report for Target Corporation. As part of that analysis, the author will be assessing several data points in particular including the management discussion and analysis (MD&A) portion as well as the financial statements issued. The relevant period in question is the Target Corporation fiscal year that ended on January 31st, 2015. Target emanates from Minneapolis, Minnesota and the filing in question is the annual report, rather than the transition report, pursuant to section 13 or 15(d) of the Securities Exchange Act of 1934 (Target, 2015).
As it was specifically requested for this assignment, the author of this report shall start with the management discussion and analysis section of the report. It starts off by stating that generally accepted accounting practices (GAAP) standard earnings per share was a loss of $2.56…
Target Corporation. (2015). Investor Contacts, News, Stocks & Events | Target Corporate. Investors.target.com. Retrieved 7 July 2015, from http://investors.target.com/phoenix.zhtml?c=65828&p=irol-sec
Compliance Patch Level
The author of this report has been tasked with discussing the overall subject of patch compliance level. Indeed, the pros and cons of using the patch compliance level framework will be assessed. There will also be an assessment of several critical things such as the patch compliance level of a given patch, what level of patch compliance is safe and what needs to be considered when evaluating the current patch compliance level. Patching is very much a security-related matter and helps both system and network administrators to keep their systems completely up-to-date and as safe as possible from vulnerabilities and hacking attacks. Not applying and installing needed patches to software such as operating systems, firmware, device drivers, databases and so forth can leave an enterprise information technology environment susceptible to attack. While the deployment of patches should be planned and deployed carefully, it is very important to…
Blue, V. (2015). New report: DHS is a mess of cybersecurity incompetence -- ZDNet. ZDNet. Retrieved 21 October 2015, from http://www.zdnet.com/article/new-report-the-dhs-is-a-mess-of-cybersecurity-incompetence/
Chan, J. (2015). Patchmanagement.org. Retrieved 16 October 2015, from http://www.patchmanagement.org/pmessentials.asp
Codenomicon. (2015). Heartbleed Bug. Heartbleed.com. Retrieved 21 October 2015, from http://heartbleed.com/
This source is relevant to the project because of the implications of IT development and civil rights, most notably, the Fourth Amendment protections against unwarranted search and seizure.
Burnett, E. "Crime Analysis Reporting and Mapping for Small Agencies: A Low-Cost and Simplified Approach." FBI Law Enforcement Bulletin Vol. 76, No.
This source is highly credible because it is a professional law enforcement journal published by the Federal Bureau of Investigation (FBI). This article details the manner in which evolving IT technology and IT systems have generated new crime-mapping systems such as the first such system pioneered in New York City by Howard Safir in 2000 during his tenure as New York City Police (NYP) Commissioner. Since the introduction of this method of tracking crime statistics by neighborhood and police precinct or service area, other police agencies have implemented similar systems with equally promising results. The article explains how…
Dornan, A. "Biometrics Becomes a Commodity." IT Architect Vol. 21, No. 2.
This source is highly credible because it is a professional IT technology journal. The article outlines the growing use of biometric technology and Radio Frequency Identification (RFID) systems in business applications. Specifically, it details the extent to which large wholesale organizations such as Walmart and Target have already incorporated biometric systems into their supply chain management functions. Small computer chips attached
Understanding e-commerce is very important, especially for companies that are focused on providing online shopping and ordering to their customers. One of those companies is Overstock.com, which also goes by its shortened name of "O.co." Companies like Overstock do a great deal of business on the internet, and in order to be successful they have to understand the value of what they are doing and how to relate to the customers and potential customers they want to attract. It is not just about having good prices or good products, because customers need to enjoy their shopping experience, feel safe providing their personal information to the site, and be able to easily and conveniently shop for their items and pay for what they decide to buy (Chaudhury & Kuilboer, 2002). With that in mind, Overstock will be examined here in terms of those specific issues, in order to determine how…
Chaudhury, A., & Kuilboer, J.P. (2002). e-Business and e-Commerce Infrastructure. NY: McGraw-Hill.
Laudon, K.C, & Guercio Traver, C. (2014). E-commerce. business. technology. society. 10th edition. NY: Pearson.
Miller, R. (2002). The legal and e-commerce environment today (hardcover ed.). NY: Thomson Learning.
Nissanoff, D. (2006). FutureShop: How the new auction culture will revolutionize the way we buy, sell and get the things we really want (hardcover ed.). NY: The Penguin Press.
Identity Theft in Modern Society
Identity Theft Report Prep
The topic chosen by this student is "Identity Theft in our Contemporary Society." The reason the author chose this is because it is a topic that is becoming more and more prevalent as even major organizations like Target and TJX, among others, have been victimized over the recent years. It applies to the author's life as well as everyone else's because the only way that anyone can avoid being the victim of identity theft is to be a financial hermit and never use credit cards or any things that could hit a credit profile and that is basically impossible. Even if it were possible, even children are having their Social Security Numbers stolen and used for electricity bills or even credit accounts. Quite often, the perpetrators of this and other identity crimes are the victim's own families. This topic is universal…
This report is more philosophical in that it asks whether identity theft is really theft. They justify this analysis by saying that many of the concepts of identity are more abstract than tangible and this means that the questions should be asked.
TIGTA: Identity theft protection needs improvements. (2013). Journal of Accountancy, 216(4), 77-78.
This final source points to the fact that the IRS has gotten a lot better at detecting theft including false tax filings and frequently Social Security Number activity.