Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Are you familiar with any of these cases? If not, search online for a similar ca

ID: 376872 • Letter: A

Question

Are you familiar with any of these cases?  If not, search online for a similar case in the news and determine what policies from the book would have helped prevent the breach that is discussed.

CASE STUDY

In November 2012, South Carolina state officials disclosed a massive data breach at the Department of Revenue. Few details on the breach were disclosed. But it involved exposing more than 3.6 million taxpayers’ personal information records and 650,000 business tax–related records. The breach occurred in September 2012. It’s clear that massive amounts of personal information were stolen.

A former top official with the FBI estimated the cost to the state at more than $350 million, based upon past FBI experience, including the cost of offering free credit monitoring to affected individual taxpayers and businesses.

The root cause of the breach cited in news reports was the lack of mandatory security policies across 100 state agencies, boards, commissions, and colleges and universities.

All state agencies have some type of computer security system in place. It’s fair to assume they all have some level of security policy in place. But it is clear these policies were discretionary. That meant an approach to information security across state government that was at best inconsistent. Nor did the state appear to have a comprehensive approach to sharing best practices for information security or for coordinating response to these types of data breaches.

In the case of the South Carolina Department of Revenue, the policies clearly were neither adequate nor consistent. Additionally, reports indicate the source of the hack was in Eastern Europe. The hacker or hackers gained access through a phishing e-mail. Phishing e-mails try to trick a user to open an e-mail and execute a link or program with malware. Security awareness is a strong control that educates users on how to protect themselves from such attacks, including how to recognize such attacks and why not to open suspect links. If a phishing e-mail was a source of the attack, it might be an indication that the security awareness program at this state agency was inadequate.

Explanation / Answer

TO PREVERNT A DATA BREACH

For companies that have critical information assets such as customer data, intellectual property, trade secrets,and proprietary corporate data, in various government departments, hospitals, health care organisations, the risk of a data breach is now higher than ever before. It is essential for all the people to monitor the policies to protect data breach and protect information from hackers, phising e-mails, malicious organizations should select solutions based on an operational model for information security that is risk-based and content-aware.

After studing various studies related with data breach and here six steps are discussed to that any organizationcan take, using proven solutions to significantly reduce the risk of a data breach and information security.

STEP1:TARGETED ATTACKS - STOP INCURSION BY TARGETED ATTACKS

The source reveals that top four means of hacker incursion into any company’s network are through exploiting system vulnerabilities, default password violations, SQL injections, and targeted malware attacks. Hence to prevent incursions, for every organisation it is necessary to shut down each of these avenues into the organization’s information assets. Most important step is that, Core systems protection, IT compliance controls assessment automation, and endpoint management, in addition to endpoint, Web, and messaging security solutions, should be combined to stop targeted attacks.

STEP2:IDENTIFY THREATS - CORRELATING REAL-TIME ALERTS WITH GLOBAL INTELLIGENCE

Real time alert will help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. Hence in organistions the value of such real-time alerts is much greater at the time when the information they provide can be correlated in real time with current research and analysis of the worldwide threat environment.

STEP 3:PROACTIVELY PROTECT INFORMATION

In today’s connected digital world the oraganisations who are dealing with mass information or data regarding personal details they must accurately identify and proactively protect their most sensitive information wherever it is stored, sent, or used. Hence for the security purpose by enforcing unified data protection policies across servers, networks, and endpoints throughout the enterprise, the organisations can progressively reduce the risk of a data breach

STEP4:AUTOMATE SECURITY THROUGH IT COMLIANCE CONTROLS

In order to prevent a data breach caused by a hacker or a well-meaning, phising e-mails or malicious insider, organizations must start by developing and enforcing IT policies across their networks and data protection systems in their organisation. Hence to by assessing the effectiveness of the procedural and technical controls in place and automating regular checks on technical controls such as password settings, server and firewall configurations, and patch management, organizations can reduce the risk of exposing sensitive information.

STEP5:PREVENT DATA EXFILTRATION

In nthe connected digital world, in the event a hacker incursion is successful and it is still possible to prevent a data breach by using network software to detect and block the exfiltration of confidential data. In the organisations Well-meaning insider breaches that are caused by broken business processes can likewise be identified and stopped. Hence in every organisation data loss prevention and security event management solutions can combine to prevent data breaches during the outbound transmission phase.

STEP6:INTEGRATE PREVENTION AND RESPONSE STRATEGIES INTO SECURITY OPERATIONS

In order to prevent data breaches, it is essential to have a breach prevention and response plan that is integrated into the day-to-day operations of the security team. Hence In the digital world the use of technology to monitor and protect information should enable the security team to continuously improve their strategy and progressively reduce risk, based on a constantly expanding knowledge of threats and vulnerabilities.

Related Questions

Are these all correct Let U- (q, t, s, t, u, v, w, xy, z A- iq, s, u, w, yl B=(q
Question #3195810
Are these answers correct? Please explain. 1. A compound, C5H10O, reacts with ph
Question #961987
Are these color changes consistent with the expected positions of the ligands in
Question #989602
Are these correct SQL statements or am I off in somethings? Thanks CREATE VIEW I
Question #3561136
Are these correct? 1. Sodium borohydride is stable in acidic aqueous solutions.
Question #545491
Are these correct? A linked list is represented by a reference to Answer the fir
Question #3536068
Are these correct? ALGEBRA1-Alternate Exam 3-contisue Recall that you now are ex
Question #3114953
Are these correct? ALGEBRAI -Alternate Exam 3- comtinued Stadent\'s Name 15. The
Question #3114954
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Are you especially loyal to any one brand? If so, what is it and why are you so
Next
Are you for or against free trace? Are you for or against NAFTA? What is the eco

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.