Key Issues Faced by IS Managers in the Organization
Cyberspace has become a significantly more prominent feature of today's information age. Data breaches are growing continuously in many organizations, and the current IS manager needs to understand this problem and engage with an area of rapidly growing concern for senior IT managers. Data breaches have now become an everyday issue for most organizations. Several pieces of literature were reviewed for this article to understand the most recent security data breaches that have taken place in organizations. In this report, two recent data breaches are critically identified, analyzed, evaluated and argued from the perspective of IS management.
According to Liu et al. (2015, pp. 1009-1024), the issues that the IS managers of the organization were facing are mainly associated with cloud computing. The challenges they were facing were numerous. These issues are discussed below:
Data Segregation: Sharing in cloud computing makes it easy for data to become available from one client to another. The data can therefore be easily accessible to more than one client.
Data Location: In cloud computing, the client may be unaware of where in the cloud its information is stored.
Recovery: The cloud provider generally uses a data farm or servers where customer information is stored, and these can fail because of catastrophes or faults in the framework. Here the cloud provider takes responsibility for advising the customer of the status of their information.
Regulatory Compliance: The cloud provider performed some internal audits of the cloud systems and processes. However, external audits were never permitted. The cloud provider later dropped the process of installing new security certificates on the network.
Privileged User Access: When an unauthorized user can access a client's most confidential information, it becomes important for the client to acquire a new membership that can easily verify unauthorized access. If this cannot be done, the leakage of information increases. The data owner has full rights to store data. Only those users who have a certain privilege or the right to access the data can get these rights.
Investigation Support: Investigating unlawful access may require exact information about the customer, which is troublesome to obtain in cloud computing. Unapproved access could be carried out by either an external client or an internal client.
Familiarity with Research in the Area of IS Management
In one study, Mello (2018) provides a classification of data breaches in various places around the world. According to the research, 75% of data breaches come from external parties. The breaches were found through fraud detection and were discovered either by third parties or by law enforcement agencies. Islam, Manivannan & Zeadally (2016, 7(1)) focus on the security problems involved in protecting against data breaches. Some types of security breach are found to drive abnormal returns. These involve unauthorized access to confidential data. Studies show that incidents with a privacy and negative impact could keep market value low. No confidential information is involved in breaching the data. The results of Ramachandran & Chang (2016, pp. 618-625) suggest that data breaches lead to litigation. Data breach disclosure laws could reduce identity theft. They do not mitigate the data breach itself, which may lead to long-term impacts.
Conversely, most firms need valuable information assets, which could be obtained by breaching the data. Across various disciplines the information varies and the data is handled personally. If an intrusion occurs without theft of data, the intruder may view the data, but no damage or modification by the intruder is possible. The intruder cannot steal the data, and identifying the intrusion attack is difficult. If an intrusion occurs with theft of data, the damage could be serious and the intruder gains access to the system.
No organization wants to go through the difficulty of disclosing data breaches. The company faces both long-term and immediate consequences, along with its customers. The value and reputation of the company are damaged, and there are potential regulatory fines, compensation for victims and lawsuits. The experience can be very painful for those who are involved or affected. If the sources of a data breach are shared with other organizations, they can make sure that a similar incident does not happen to them. The most recent data breaches identified in organizations such as Orbitz and Panera are discussed below:
Data Breaches in Orbitz: The incident took place on March 1st, when an unauthorized user was able to access the legacy travel booking platform. The travel fare aggregator believes the attacker had permissions to view sensitive and confidential information, including customer names, phone numbers, billing addresses, dates of birth, gender, email addresses and payment card information. There was no evidence of exposure of Social Security numbers, customers' passports or travel itineraries. From October 1st, 2017 to December 22nd, 2017, around 880,000 customer payment card details were exposed in the breach. The incident made them realize that they need to replace outdated legacy systems and software. The security risk can be significant, especially when there is no support and the systems do not receive the latest security patches and updates. Funding was provided to replace the legacy systems, pointing out the systems' hidden dangers and putting a dollar amount on the risk. With every 1% of spending that the organization shifts from maintaining legacy systems to new systems, there would be a 5% reduction in security incidents.
Development of Critical Thinking Skills
Data Breaches in Panera: The incident took place on April 2nd, when Brian Krebs revealed that the website of the Panera Bread restaurant chain had a flaw. Dylan Houlihan, the security researcher, discussed the issue: the site leaked, in plaintext, the data of customers who had signed up for an account on the website to make purchases (Bisson 2018). Once signed up, they could purchase food items online at any time using panerabread.com. The website exposed customers' names, dates of birth, physical and email addresses, and payment card details containing the last four digits. The company later insinuated that the actual scammer was Houlihan, who was a member of Panera's security team. He took the vulnerability and did nothing for eight months. On further investigation, Krebs found that the flaw had not been patched and that it could affect 37 million customers. The breach of Panera Bread's website shows the value of conducting regular penetration tests on web-based assets. It also shows the value of vulnerability disclosure frameworks for reporting bugs. This indicates that security is very important for the organization, as it holds customers' information, and that the work of external researchers should be strengthened.
One article analysed annual datasets that strive to cover public, private, large, small, international and domestic organizations engaged in external collaboration. Over the years the number of contributors has increased, and changes are seen every year. Because the contributors change, it is difficult to identify areas of focus and trends over time. Several components of data breaches leverage the actions, and the specific results where the dataset is included are examined more closely. Threat actors are still behind data breaches. Internal actors account for a steady percentage, as shown in the figure. A variance is seen in the last two years, and the breaches were removed by taking down the botnet associated with them.
The notification of security breaches is related to the transparency of the challenges faced by the organization. This improves the efficacy developed by environmental laws. The field of data protection is important for the public, whose data could be breached immediately from the individual. There are ethical and legal obligations that explain the internal and external implementation by stakeholders. Organizational accountability can be enhanced by improving the response time to incidents and security risks. Notification of a data breach has a negative impact on customer loyalty. Rao & Selvamani (2015, pp. 204-209) report that breaches of data security involve credit card information. For an organization, notification becomes costlier, as there is a need to serve the customer alongside operations. Moreover, data breach notification could lead to risk mitigation and result in an organization mitigating its own expected costs.
A data breach is treated as an incident that could put data at risk, which results in a preliminary analysis. Medical and educational organizations experience intrusions that target them with malicious activity. Employees need extensive, up-to-date training on handling data when any kind of mistake occurs. Mistakes can happen at any time, and they can eventually be corrected one by one. Data breaches could increase with system hacks, the mishandling of papers and portable devices. The system could breach the notification law, which applies for shorter durations and could enact notification of the legislation and government officials. The risk could be mitigated by the organization, which could briefly mention that breaches can result in damaged reputation, stolen credit cards and loss of firm value; these are the countermeasures against future credit card data threats.
Conclusion
From the study of the different literature, the data breaches that have been identified, analyzed, evaluated and argued provide a better understanding of unexpected attacks from data breaches. The report has also provided some familiarity with the research area that could inform IS management. From the study it is clear that data breach notification could raise security awareness about the organization. The evaluation of the security risk is performed in a better manner.
References
Bisson, D., 2018. 6 Big Data Breaches in 5 Weeks, 4 Critical Security Lessons Learned. [online] Blog.barkly.com. Available at: https://blog.barkly.com/data-breaches-2018-orbitz-panera-saks-lord-taylor-delta-sears-best-buy [Accessed 18 Aug. 2018].
Islam, T., Manivannan, D. & Zeadally, S., 2016. A classification and characterization of security threats in cloud computing. Int. J. Next-Gener. Comput, 7(1).
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M. & Liu, M., 2015, August. Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX Security Symposium (pp. 1009-1024).
Mello, S., 2018. Data Breaches in Higher Education Institutions.
Ramachandran, M. & Chang, V., 2016. Towards performance evaluation of cloud service providers for cloud data security. International Journal of Information Management, 36(4), pp.618-625.