Discussion: Security Breach Evaluation

 
Learning Objectives and Outcomes

Analyze the given case study on security breach.
Recommend controls to avoid an enterprise security breach.

 
Assignment Requirements
Read the text sheet named “Local Breach of Sensitive Online Data” and address the following:

Using what you have learned about security breaches, describe what measures should have been taken by the educational service and test preparation provider to avoid the security breach mentioned in the text sheet.

Respond to your peers with your point of view on their answers. Respond to at least two of your classmates' original thread posts with between 100 - 150 words for each reply.  
Make sure your opinion is substantiated with valid reasons and references to the concepts covered in the course. In addition, initiate a discussion with the students who comment on your answer.
Required Resources

Text sheet: Local Breach of Sensitive Online Data (ts_localbreach)


 
Self-Assessment Checklist
Use the following checklist to support your work on the assignment:

I have engaged in a discussion of the assigned topics with at least two of my peers.
I have raised questions and solicited peer and instructor input on the topics discussed.
I have articulated my position clearly and logically.
I have supported my argument with data and factual information.
I have provided relevant citations and references to support my position on the issue discussed.
I have compared and contrasted my position with the perspectives offered by my peers and highlighted the critical similarities and differences.
I have solicited peer and instructor feedback on my arguments and propositions.
I have offered a substantive and critical evaluation of my peer’s perspective on the issues that is opposite of mine, and supported my critical review with data and information.
I have followed the submission requirements.


Response(Ramakrishna)

According to the Identity Theft Resource Center, there have been 383 internet security breaches thus far in 2014, a 25% increase from last year. Though Target's breach made news due to the sheer size, hundreds of other businesses are being targeted, like eBay, Neiman Marcus, and AT&T. The ITRC reported that a staggering 14 million identities were stolen in 2013, or one every two seconds.
Though companies like Target make the news for massive security breaches, small to medium sized businesses make up 75% of data breaches (Tweet This). According to Business News Daily, 40% of SMBs were part of a breach in 2013, and 76% of those were due to a compromised password (Tweet This Too). These numbers are terrifying for any business owner, especially those whose livelihood is increasingly online (Denham, 2015).
To keep the information of your business and that of your customers’ safe, the FCC recommends the following cyber-security steps:
1. Train employees in security principles
Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies.
2. Protect information, computers and networks from cyber attacks
Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
3. Provide firewall security for your Internet connection
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system's firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
4. Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks (Carroll, 2014).
5. Make backup copies of important business data and information
Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files.
6. Control physical access to your computers and create user accounts for each employee
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended.
7. Secure your Wi-Fi networks
If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
8. Employ best practices on payment cards
Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor (Croft, 2014).
9. Limit employee access to data and information, limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
10. Passwords and authentication
Require employees to use unique passwords and change passwords every three months.

Respond(Ramakrishna)

 
We are discussing the topic, local breach of sensitive online data this was mainly based on the educational services. Here breach is a kind of action or a method like breaking a result it’s like breaking the law, faith, trust, or a promise, etc. Here some of the educational reviews that have the friction companies was hit with a huge data breach that was making some headlines. The educational services that are based on the Olianas and also test preparation of providers that can be inadvertently have exposed files of at least 100,000 students from various parts of the country from their web sites. By this news of the breach makes all the public on Tuesday morning from a reporter in the local newspaper (Guanhua Hu & Bing Li, 2019).
The education services had their private data in their own software by collecting the details of students. Here the files that were exposed from the company that is switched to the internet service provider earlier this year. The sensitive information here in which includes the personal information of the students like date of birth, names, ethnicities, and the learning of the disabilities. The test performers are also easily accessed by the simple web search here we have to take a note regarding the saving of the personal data of many students (Samtani & Chinn, 2017).
By doing this simple search the data was shown on the internet for at least seven weeks according to the given reports. This none of the information is password and also protected and also was intended only to be viewed by the educations authority members who are using it. These are called sensitive online data that are stored in the company’s profiles and also leaked on the internet without any security of the data. The companies should be careful regarding the data that was stored as the personal data and was easily leaked by others (Sibi Chakkaravarthy & Sangeetha, 2018).