Question

It is not uncommon to hear that a company’s IT security is compromised. Find nine cases from 2010 to 2018 (i.e. one case for each year). Summarize and compare those nine cases. You need to draw tables to compare them. What are the major implications of your analyses to the IT audit profession? What lessons do they give to the IT audit profession? What is the best way to prevent and detect such cases based on your analyses?

Solutions

Expert Solution

Ans:

Cases since 2010

1. Educational Credit Management Corporation - 2010

On March 26, 2010, ECMC, a student loan agency, revealed that personal data on about 3.3 million student loan borrowers had been stolen from its headquarters in Minnesota. The compromised information included students' names, addresses, dates of birth and social security numbers.

2. Betfair - 2011

Betfair admitted that more than 2.9 million usernames and 90,000 bank account details were leaked in 2011 when their server was hacked by cyber criminals, possibly from Cambodia. The revelation came to light when the betting exchange said it did not disclose in 2011's flotation prospectus the details of the attack on customers' payment card details. This led to the resignation of Betfair's security breach.

3. Wisconsin Department of Revenue - 2012

The Wisconsin Department of Revenue revealed that it had accidentally made public 110,795 social security numbers and tax ID numbers of Wisconsin residents. The numbers were mistakenly embedded in a real estate report and posted to the department's website for almost three months before being removed.

4. Target - 2013

In mid-December 2013 it was found that cyber criminals had breached the systems. It was reported that hackers had access to credit card and debit card information. It cost nearly 110 million for the company to make the compensation.

5. eBay - 2014

The online retailer suffered one of the biggest data breaches yet reported by an online retailer. The breach is thought to have affected the majority of the company's 145 million members, and many were asked to change their passwords as a result. The lawsuit could cost eBay more than $5 million.

6. Premera - 2015

Premera, a medical insurance company, was hacked in May of 2014, but the breach wasn't disclosed until March of 2015. The hack compromised the data of 11 million individuals, including "social security numbers, birthdays, emails, bank account information, clinical information and detailed insurance claims" of both past and present customers, dating back to 2002.

7. Snapchat - 2016

700 current and former Snapchat employees had their personal information stolen when hackers used a phishing scam to trick an employee into e-mailing them the private data. Posing as Snapchat chief executive Evan Spiegel, the attackers simply requested, and received, sensitive employee information including names, social security numbers, and wage/payroll data.

8. America's Job Link - 2017

America's Job Link, a web-based system that connects job seekers and employers, revealed its systems were breached by a hacker who exploited a misconfiguration in the application code. The criminal was able to gain access to the personal information of 4.8 million job seekers, including full names, birth dates, and social security numbers.

9. FedEx - 2018

In February, Kromtech Security discovered information from approximately 119,000 FedEx customers on an unsecured Amazon Web Services cloud storage server. Information includes driver's licenses, names, home addresses, passports and phone numbers.

Implications:

IT security risk may not have been identified as a key risk area by the auditor as part of risk assessment, but this does not necessarily mean that no breach has occurred. Auditors should still maintain their professional scepticism when carrying out their audit, as there could be events or conditions that may indicate a possible breach. Some businesses with weak IT programmes and controls may not even realise that they have been the subject of a breach. Auditors should hence conduct their audit with a mindset that recognises the possibility that an actual cyber attack may have happened. Through the performance of the usual audit procedures, it is still possible to identify such cyber incidents.

Lesson learnt:

1. Privileged IDs are growing, and so is the associated risk.

2. Grant user entitlements appropriately and keep them updated.

3. Managing and monitoring privileged users is necessary for both security and compliance.

4. Mitigate insider risk and maintain compliance with a privileged identity management solution.

PREVENTIONS:

1. Sensitive information must be protected wherever it is stored, sent or used. Do not reveal personal information inadvertently.

2. The organisation should ban shifting data from one device to another external device. Losing removable media will put the data on the disk at risk.

3. Any media that may serve as an allegiance to the hackers should be restricted to download. This could reduce the risk of transferring the downloadable media to an external source.

4. The organisation should shred all the files and folders before disposing of storage equipment. There are applications which can retrieve information after formatting.

5. The institution should have a ban on devices that are unencrypted. Laptops and other portable devices that are unencrypted are prone to attack.

