Question

Research the internet for an example of a violation of sensitive information (data breach). Post a summary of the situation and outcome (as well as the source) and evaluate if controls were adequate to prevent the violation. What would you have done to protect the organization from this type of exposure in the future?

Solutions

Expert Solution

Internet users use services provided by companies, such as social media and bank accounts, and have to provide their personal details like bank balance, address, phone number, browsing history, location details, and details of personal documents like a passport or national identity card. Online hackers breach the security of a company, and this is a threat to user privacy. The companies promise to provide security to the users and spend a percentage of their production cost for this purpose. Unauthorized access to this data is a violation of, and a threat to, sensitive information. There are many examples of this kind of data breach throughout history. Let's discuss an example.

* LinkedIn data breach:

  • LinkedIn is a social media platform for job portals and users posting their CVs. LinkedIn has almost 700 million registered customers. It shares access to user profiles with recruiters and companies. The reason I chose the LinkedIn example is that it's one of the most commonly used social media platforms, and it is used by professionals and not by any common person as on Facebook.
  • In June 2012, 165 million users were affected: password information was stolen by hackers and sold online. The main problem was that the users' passwords were weak and easily hackable, and also LinkedIn did not salt the passwords.
  • Salting is a cryptography technique. A salt is additional data included with the password when it is stored in the database. The salt is stored so that hackers don't get the direct password of the user.
  • Later LinkedIn accepted and said that 6.5 million passwords were stolen and published online.
  • Later in 2016, 117 million passwords were put up for sale by hackers. This is more than what LinkedIn accepted.

* The reason for the hack:

  • Experts reveal that the main problem was that LinkedIn did not use a salt while hashing the passwords. Therefore it was easy to hack the passwords from the database using the old table matching technique.
  • Also, the users were not prompted to create strong passwords while creating the account.

* Ways to protect against such a data breach:

  • As discussed above, LinkedIn should have used a proper cryptographic technique to store the passwords. The encryption and decryption have to be tight and secure. Use of a random salt should be encouraged along with the encrypted passwords while storing.
  • Make sure the users use passwords according to standard guidelines like the USSC password strength and security guidelines. Users must be encouraged to use passwords that are longer and contain symbols, capital letters and numbers.
  • Passwords should not include the username and/or email id.
  • Normally single words are not long. Therefore, to avoid the user entering passwords containing single words, the software should guide the user to enter passwords at least 10 characters in length. Hackers can look up the dictionary for common words and slang.
  • There should be a system to force the use of rules like at least one capital letter, one numeral, and a special symbol along with the specified length. Guide the users to not use common words like p@ssw0rd123; though this may fulfill all the requirements above, it's still a guessable password.
  • No employee should be allowed to take the confidential data of the organization to his/her home for any reason. The laptops brought to the organization's premises must follow some rules of the organization.
  • The users must be notified of logins to their account if any suspicious activity is found.
  • The system administrator should also get a notification of any access to the system from an unfamiliar IP address.

* Conclusion: A data breach is a malpractice to steal data from users, and government officials should have some principles that companies should follow, else stern action must be taken.
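The storage and password-rule points in the answer above, as an added example that is not part of the original answer. It assumes SHA-1 as the unsalted "before", PBKDF2-HMAC-SHA256 with 600,000 iterations as the salted replacement, and a constructed denylist; all function names are hypothetical.

```python
import hashlib
import hmac
import os

COMMON = {"p@ssw0rd123", "password123", "qwerty12345"}  # constructed sample denylist
ITERATIONS = 600_000  # assumption: work factor chosen for this example

def unsalted_sha1(password: str) -> str:
    """Weak 'before': fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()

def policy_errors(password: str, username: str, email: str) -> list[str]:
    """Rules from the list above: length, username/email reuse, guessable values."""
    errors = []
    lowered = password.lower()
    if len(password) < 10:
        errors.append("shorter than 10 characters")
    for ident in (username, email.split("@")[0]):
        if ident and ident.lower() in lowered:
            errors.append("contains username or email id")
            break
    if lowered in COMMON:
        errors.append("common password")
    return errors

def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) using a fresh random 16-byte salt per user."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    shared = "Blue-Kettle-Orbit-42"  # constructed: two users pick the same password
    print("unsalted digests equal:", unsalted_sha1(shared) == unsalted_sha1(shared))
    (s1, d1), (s2, d2) = hash_password(shared), hash_password(shared)
    print("salted digests equal:  ", d1 == d2)
    print("policy:", policy_errors("p@ssw0rd123", "alice", "alice@example.com"))
```

With the unsalted hash, one precomputed table matches every account that shares a password; with a per-user salt, each stored digest has to be attacked separately.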

