The protection of the information system Essay Example

  • Published: November 20, 2021

Introduction

Cyber security, which refers to the protection of information systems from damage or theft (Glantz et al, 2014), involves measures aimed at preventing unauthorized physical access to hardware containing sensitive information (Glantz et al, 2014). Although these measures are in place, unauthorized individuals often attempt to breach data protection by hacking into the system (Wang & Lu, 2013).

Heartland Company

Heartland Payment System specializes in providing bankcards and issuing consumer payment cards to their customers (Wang & Lu, 2013).

The Heartland Company offers prepaid cards, as well as credit and debit cards, for making purchases. They also provide services for processing micropayments, payroll, and loyalty programs. In March 2008, the company suffered a SQL injection breach, which resulted in the exposure of credit cards from the Heartland Payment System. This security breach led to the exposure of 134 million credit cards belonging to the company.

Heartland Company was exposed to SQL injection that was used in an attempt to install spyware into its data system. This breach could have been prevented by constraining and sanitizing the input data (Martinez et al, 2013). Additionally, type-safe SQL parameters could have been used for any access to Heartland company data (Wang & Lu, 2013). In response to the extensive credit card exposure, Heartland Company implemented measures to prevent similar mistakes from happening again in the future.
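The two mitigations named above, constrained input and type-safe SQL parameters, are shown here beside the string-built query they replace. This is an added example, not part of the original essay; the table, column and function names are hypothetical and the data is constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (merchant_id INTEGER, holder TEXT, last4 TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?, ?)",
                   [(1, "alice", "1111"), (1, "bob", "2222"), (2, "carol", "3333")])
    return db

def lookup_unsafe(db, merchant_id, holder):
    # "Before" form: input is concatenated into the SQL text, so a quote
    # character in `holder` changes the structure of the statement.
    sql = ("SELECT holder, last4 FROM cards "
           f"WHERE merchant_id = {merchant_id} AND holder = '{holder}'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, merchant_id, holder):
    # Type-safe parameters: values are bound as data and never parsed as SQL.
    return db.execute(
        "SELECT holder, last4 FROM cards WHERE merchant_id = ? AND holder = ?",
        (merchant_id, holder)).fetchall()

# Allow-list for the holder field (assumed format for this example).
HOLDER_RE = re.compile(r"[a-z][a-z0-9_.-]{0,31}")

def lookup_safe(db, merchant_id, holder):
    # Constrain first: reject wrong types and anything outside the allow-list.
    if type(merchant_id) is not int:
        raise ValueError("merchant_id must be an integer")
    if not isinstance(holder, str) or not HOLDER_RE.fullmatch(holder):
        raise ValueError("holder is outside the allowed format")
    return lookup_parameterized(db, merchant_id, holder)

# Constructed test input: a quote followed by an always-true condition.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("string-built :", lookup_unsafe(db, 1, TAUTOLOGY))         # every row, all merchants
    print("parameterized:", lookup_parameterized(db, 1, TAUTOLOGY))  # no rows
    print("validated    :", lookup_safe(db, 1, "alice"))
```

Validation and binding are separate layers: binding alone already stops the statement from being rewritten, and the allow-list rejects malformed input before it reaches the database at all.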

The company demonstrated a strong dedication to preserving integrity and trustworthiness with its customers. Only employees were granted access to the company's database accounts. Moreover, disclosure of database information was restricted to a designated employee responsible for managing it. Additionally, the company enforced stringent regulation pertaining to the competence of authorized individuals handling their payment system (Martinez et al., 2013).

By ensuring that they cannot make any mistakes, the company was able to prevent another exposure of credit cards (Glantz et al, 2014). In March 2011, Heartland Company experienced a breach of RSA cyber security. The hackers had intentions to carry out a large-scale attack over an extended period (Glantz et al, 2014). As one of the largest and most reputable companies, Heartland was among the victims of this attack. According to Glantz et al (2014), the hackers gained illegal access to employee records at Heartland through hacking their RSA security. Consequently, the company lost 40 million employee records.

According to Glantz et al (2014), the attack was carried out by two hacker groups in collaboration with a foreign government. These attackers used phishing tactics to deceive RSA employees by pretending to be trusted email contacts, as Martinez et al (2013) noted. Wang & Lu (2013) suggest that employing a context-aware access control mechanism could have helped prevent future attacks. This mechanism would ensure that unauthorized access to the company's records is not allowed and also monitor the authentication authority of each session during access.

According to Glantz et al (2014), the platform used to access records of a company is monitored in order to minimize data loss through RSA cyber security breaches. Heartland, a prestigious company, implemented organizational measures to counteract future attackers. One of these measures involved analyzing the behavior of employees and strangers to the company, as this differed from historical methods used by individuals who accessed the same records legitimately (Martinez et al, 2013).

The company implemented an automatic Real Time Security Intelligence that triggers an alert or temporarily denies access to a record if it is accessed incorrectly (Wang & Lu, 2013).
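The context-aware access control and real-time alerting described in the preceding paragraphs can be sketched as a per-access check against each user's historical baseline. This is an added example, not the company's system or code from the essay; the class names, thresholds, user and device names are assumptions, and the events are constructed.

```python
from dataclasses import dataclass

@dataclass
class Baseline:          # how this user has legitimately accessed records before
    devices: frozenset
    networks: frozenset
    hours: range         # usual working hours
    max_reads: int       # usual records per session

@dataclass
class Session:
    user: str
    device: str
    network: str
    authenticated: bool
    reads: int = 0

class AccessMonitor:
    def __init__(self, baselines, lock_seconds=900):
        self.baselines, self.lock_seconds = baselines, lock_seconds
        self.locked_until = {}   # user -> time the temporary denial ends
        self.alerts = []         # (time, user, record_id, reasons)

    def check(self, s, record_id, now, hour):
        base = self.baselines.get(s.user)
        # Authentication state is re-checked on every access, not only at login.
        if base is None or not s.authenticated:
            return "deny"
        if now < self.locked_until.get(s.user, 0):
            return "deny"
        checks = [("new-device", s.device not in base.devices),
                  ("new-network", s.network not in base.networks),
                  ("off-hours", hour not in base.hours),
                  ("volume", s.reads >= base.max_reads)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            self.alerts.append((now, s.user, record_id, reasons))
        if len(reasons) >= 2:    # several deviations at once: temporary denial
            self.locked_until[s.user] = now + self.lock_seconds
            return "deny"
        s.reads += 1
        return "alert" if reasons else "allow"

def demo():
    # Constructed baseline and events: (session, time in seconds, hour of day).
    base = Baseline(frozenset({"laptop-17"}), frozenset({"office"}), range(8, 18), 3)
    mon = AccessMonitor({"jdoe": base})
    work = Session("jdoe", "laptop-17", "office", True)
    odd = Session("jdoe", "unknown-pc", "ext-net", True)
    events = [(work, 1000, 10), (work, 1050, 22), (odd, 1100, 23),
              (work, 1200, 10), (work, 2100, 10), (work, 2200, 10)]
    return [mon.check(s, "rec-1", now, hour) for s, now, hour in events], mon
```

A single deviation raises an alert but still serves the record; two or more trigger the temporary denial, which also blocks the user's normal session until the lock expires.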

TJX 2006 Companies

In case study three, the incident occurred in December 2006 at TJX. Many questions arose regarding how this attack was possible, as the attackers managed to steal credit card data during the transfer of information between two stores. The attackers found a vulnerability in the organization's control system and successfully gained access to the organization's sensitive data and information (Martinez et al, 2013). This breach resulted in a significant loss of data and information that was highly confidential to the organization. The breach occurred due to the organization's weak encryption system (Glantz et al, 2014).

The attackers exploited a weak system to gain access to sensitive data and confidential information (Martinez et al, 2013). This breach could have been prevented by strengthening the firewalls on the TJX network, making it harder for external attacks and easier to detect any advances. The individuals responsible for this attack were later convicted in court for their actions. To prevent similar incidents in the future, a firewall system was implemented on the network and offenders were punished (Armerding, 2015).

Epsilon Company

In March 2011, Epsilon Company experienced a successful theft of information. The source of the attack remains unknown, which could lead to an increase in claims, according to technology experts (Armerding, 2015).

Various claims were made regarding the overall issue (Walters, 2014). The chief security officer asserted that the loss of names and emails could result in the development of more sophisticated and vulnerable methods of attack. In addition, Kelvin Mc Aleaveys estimated that the attack cost around 4 billion dollars, making it the most expensive attack to date. The weak segregation of the network that protected the information made the attack possible (Culnan & Williams, 2009).

The intrusion resulted in the disposal of customer emails and details from over 108 stores, including the finance firm and nonprofit organization City Group. The attack resulted in an estimated loss of 4 billion dollars. Armerding (2015) stated that a more secure network system was implemented to prevent future attacks and safeguard organizational information. Culnan & Williams (2009) noted that inadequate system measures were responsible for the breach. The chief management officer pledged to establish data segregation in various formats to segregate the networks.

Apple Inc.

In April 2014, an attack occurred at Apple Inc. As reported by Apple, the attack targeted a specific department rather than the entire system (Martinez et al, 2013). The organization's employees were able to bypass the security measures that had been implemented (Wang & Lu, 2013), leading to the unauthorized access and disclosure of confidential information.

The attackers successfully breached the cloud account and revealed explicit photos of Hollywood celebrities. To prevent such attacks, it is crucial for the company to store its confidential information in an encrypted system to deter unauthorized access (Armerding, 2015). As a result, the individuals involved were duly compensated according to the legal proceedings. With numerous incidents of hackers breaking into systems worldwide, it is imperative to strengthen our security measures to prevent future losses (Martinez et al, 2013). The protection of personal and confidential information should be prioritized and limited to authorized individuals only (Walters, 2014). The recurring occurrence of illegal data breaches highlights the significant threat faced by institutions globally in terms of unauthorized personnel gaining access to sensitive information.

Therefore, it is generally recommended that institutions establish laws to govern their data. The management policies of an institution regarding data and information should include the limitation of data access for both employees and external individuals, the implementation of context-aware access control mechanisms, and the use of automatic Real Time Security Intelligence systems that can notify the company or institution in case of unauthorized attempts to access data. Institutions should prioritize data protection by ensuring that their cybersecurity measures are up to date with modern technology.

References

  1. Armerding, T. (2015). The 15 Worst Data Security Breaches of the 21st Century. CSO. Retrieved from http://www.csoonline.com/article/2130877/data-protection/data-protection-the-15-worst-data-security-breaches-of-the-21st-century.html
  2. Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breaches. MIS Quarterly, 673-687.
  3. Glantz, C. S., Landine, G. P., Craig Jr, P. A., & Bass, R. B. (2014). Lessons Learned in Over a Decade of Technical Support for US Nuclear Cyber Security Programmes. In International Conference on Nuclear Security: Enhancing Global Efforts. Proceedings of the International Conference.
  4. Martinez, S., Cosentino, V., Cabot, J., & Cuppens, F. (2013). Reverse engineering of database security policies. In International Conference on Database and Expert Systems Applications (pp. 442-449). Springer Berlin Heidelberg.
  5. Walters, R. (2014). Cyber-attacks on US companies in 2014. Heritage Foundation Issue Brief, (4289).
  6. Wang, W., & Lu, Z. (2013). Cyber security in the Smart Grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.
