...Case Study #1 Cyber Security in Business Organizations CIS 500: Information Systems for Decision-Making Cyber Security in Business Organizations On December 19, 2013, the Target Corporation in Minneapolis, MN, put out a press release on their website confirming there had been a security breach allowing unauthorized database access to their Point of Sale (POS) systems, between November 27 and December 15, 2013. Target reported approximately 40 million credit/debit card accounts could have been affected. In the release, Gregg Steinhafel, chairperson, president and chief executive officer, stated the following, “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.” (Target Press Release, 12/19/2013). Retailers are prime targets for hackers. Why? Simply stated, Risk versus Benefit. Retail stores compile a vast amount of financial data and banking information for millions of people across the country. It could be considered a new version of bank robbery. Rather than dealing with all the planning, resources needed and danger involved with robbing one actual bank, not to mention having to split the money with cohorts, hackers can skip the bank altogether. Obtaining consumers’ banking information provides all the benefits...
Words: 2080 - Pages: 9
...2012 Cost of Cyber Crime Study: United States Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: October 2012 Ponemon Institute© Research Report 2012 Cost of Cyber Crime Study: United States Benchmark Study of U.S. Companies Ponemon Institute October 2012 Part 1. Executive Summary We are pleased to present the 2012 Cost of Cyber Crime Study: United States, which is the third annual study of US companies. Sponsored by HP Enterprise Security, this year’s study is based on a representative sample of 56 organizations in various industry sectors. While our research focused on organizations located in the United States, many are multinational corporations. For the first time, Ponemon Institute conducted cyber crime cost studies for companies in the United Kingdom, Germany, Australia and Japan. The findings from this research are presented in separate reports. Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. Consistent with the previous two studies, the loss or misuse of information is the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant...
Words: 9057 - Pages: 37
...Applications (IJNCAA) 2(1): 127-137 The Society of Digital Information and Wireless Communications, 2012 (ISSN: 2220-9085) Cyber Forensics: Computer Security and Incident Response Virginiah Sekgwathe1, Mohammad Talib2 1 Directorate on Corruption and Economic Crime, Gaborone, BOTSWANA veesek@gmail.com 2 Department of Computer Science, University of Botswana, BOTSWANA talib@mopipi.ub.bw ABSTRACT The intensification of Information and Communications Technology usage in all facets of life exceedingly amplifies the incidents of information security policy breaches, cyber crimes, fraud, commercial crimes, cyber laundering etc, hence requires a well developed approach to tackle these incidents in order to realize legally defensible digital evidence. Since electronic evidence is fragile and can easily be modified, finding this data, collecting, preserving, and presenting it properly in a court of law is the real challenge. There is a need for use of semantic analysis to discover underlying security policy requirements and internal power structures and institutionalization of anti cyber attack, anti-money-laundering and regulatory schemes. The first responders to cyber security incidents often than always are an organization's ICT personnel who are technically sound though may be deficient in investigative skill. The scientific standards of cyber forensics dictate the procedure as it promotes objectivity, a precise and well documented analysis, particularly...
Words: 5129 - Pages: 21
...Case Study 1: Cyber Security in Business Organizations Abstract This paper examines the importance of cyber security in business organizations and discovering better methods to combat cyber terrorism in the future. Data breaches in the workplace have become an increased threat to personal privacy as well as to the economic livelihood of many organizations. In this paper we will further examine how a simple data breach almost brought the retail giant Target to the brink of destruction and provide detailed accounts of other recent data security breaches that have affected other business organizations and discuss what could be done to prevent them. Cyber Security in Business Organizations Modern global industries rely heavily on the data that they acquire to stay relevant in order to compete in a constantly moving world of technology. Protecting present and future data from potential cyber theft has become a vital need to the economic livelihood of today’s organizations. In today’s business world, organizations must prepare themselves for not only increased vulnerability attacks from exterior threats of cyber terrorists seeking to gain access to a company’s private data and resources but also have to take into account and be mindful of the interior threat of disgruntled employees whose mission is to expose or sell company sensitive or secret data for their own profitable gain. In today’s era of computing, cyber security can be described and defined in several ways...
Words: 1143 - Pages: 5
...concerning its security as a sovereign nation. In other words, cybercrime equally brings serious concerns for both private industries and government. Also, private industries have an interchangeable relationship with government agencies as client to provide services. Most of utilities-related critical infrastructure systems in every city are mostly managed by private organizations. As we are more depending on technological management of such critical infrastructure and centralization of such system throughout the network, cybercrime targeting those critical infrastructures can have detrimental effects for both private and government sectors. There has been a steady increase in numbers of cybercrime with its benefits over the traditional crime in the past decades. Cyber criminals are getting smarter and equipped with more resources with every passing day and are becoming bigger threats. Therefore, it is important to scrutinize those cybercrime-related issues as well as to delve into planning a well-thought out countermeasure for both private and government sectors in various aspects for betterment of safer society of the information era. In this paper, Part I addresses how government intervention justifies telling private industry how to set up or improve their cybersecurity with its policies. Part II addresses the impacts on national security due to government regulation by private industry’s compliance. Part I. Government Regulation of Private Sector Cybersecurity Cyber criminals...
Words: 3978 - Pages: 16
...Lodhi Road New Delhi – 110003 Discussion draft on National Cyber Security Policy “For secure computing environment and adequate trust & confidence in electronic transactions ” Your comments/feedback on this document are most welcome. Please send your valuable comments/feedback by 15 May 2011 to Dr Gulshan Rai, Director General, CERT-In, at the above address or on email id ‘grai@mit.gov.in’ Discussion draft Department Of Information Technology National Cyber Security Policy “For secure computing environment and adequate trust & confidence in electronic transactions ” Contents 1.0 Security of Cyber Space – Strategic perspective 1.1 IT as an engine for economic growth and prosperity 1.2 Security of cyber space - Need for action 1.3 Target audience 1.4 Securing cyber space – Key policy considerations 2.0 Cyber space – Nature of threat 2.1 Threat landscape 2.2 International cooperation 2.3 Securing cyber space – Scope of action 2.3.1 Cyber security and cyber defense 2.3.2 Cyber intelligence and cyber defense 2.4 Priorities for action 2.5 Partnership and collaborative efforts 3.0 Enabling processes 3.1 Security threat and vulnerability management 3.2 Security threat early warning and response 3.3 Security best practices - compliance and assurance 3.4 Security crisis management plan for countering cyber attacks and cyber terrorism 3.5 Security legal framework and law enforcement 3.6 Security information sharing and cooperation 4.0 Enabling technologies – Deployment...
Words: 7888 - Pages: 32
...EXECUTIVE SUMMARY This paper details the importance of cyber security in the face of evolving cyber threats and the ever-increasing attacks on government and businesses alike. We live in a globally connected world and globally distributed cyber threats. Not restricted by geographical boundaries these threats target all technologies, service providers, and consumers. The threats are at an all-time high, in terms of sophistication and volume, and continue to trend upwards. WHAT IS CYBERSECURITY? Twenty years ago businesses did not think twice about cyber security. In a world of mainframes and dumb terminals with no connectivity to anything outside, viruses, malware, and hacking was unheard of, however, with the introduction of the Internet things have now changed. The term cyber security is getting more and more mixed usage lately, so much so that it is almost as ambiguous as the term "cloud". Cyber security, referred to as information technology security, is the focus on protecting computers, networks, programs, and data from unintended or unauthorized access, change, or destruction. Cyber security also encompasses ten different security domains. The following domains provide a foundation for security practices and principles: • Access Control - to maintain information confidentiality, integrity, and availability, it is important to control access to information. Access controls prevent unauthorized users from retrieving, using, or altering information. They are...
Words: 1611 - Pages: 7
...Crime and Cyber-Crime: Implications for Business Phil Williams, CERT® Coordination Center Introduction The capabilities and opportunities provided by the Internet have transformed many legitimate business activities, augmenting the speed, ease, and range with which transactions can be conducted while also lowering many of the costs. Criminals have also discovered that the Internet can provide new opportunities and multiplier benefits for illicit business. The dark side of the Internet involves not only fraud and theft, pervasive pornography and pedophile rings, but also drug trafficking and criminal organizations that are more concerned about exploitation than the kind of disruption that is the focus of the intruder community. In the virtual world, as in the real world, most criminal activities are initiated by individuals or small groups and can best be understood as “disorganized crime.” Yet there is growing evidence that organized crime groups or mafias are exploiting the new opportunities offered by the Internet. Organized crime and cyber-crime will never be synonymous – most organized crime will continue to operate in the real world rather than the cyber-world and most cyber-crime will continue to be the result of individuals rather than criminal organizations per se. Nevertheless, the degree of overlap between the two phenomena is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government ...
Words: 3403 - Pages: 14
...Alhambra, California Cyber Security Systems By Alvin Canlas (D01621385) Hernando De Leon (D40160634) Arees Dikranian (D01501086) Edward Huron (D01298546) Sandry Kho (D40246297) Chirag Patel (D40152599) Maria Ramirez (D01636860) Jaime Solorzano (D40201380) Submitted in Partial Fulfillment of the Course Requirements for MGMT 404 Project Management Dr. John Lindem October 15, 2014 Executive Summary Information Technology continues to change at a rapid pace. These changes greatly affect the world we live in. Corporate giants such as Target, Home Depot, and Apple have been recent targets of cyber-attacks. To protect customer data we have to constantly adapt to the different style of attacks and adjust to their business technology policies. At Cyber Security Systems (CSS) it is our mission to maintain the continuity of these vital services and preserve the public’s trust in our information systems. In addition, it requires new levels of communication and cooperation among the public and private sector, corporate agencies and departments. Furthermore, it involves protecting our critical infrastructures from intrusion or attack as well as using the infrastructure as a tool with which law-enforcement agencies can gather, analyze and disseminate information. This business plan will provide a vision, purpose, mission and goals for technology at Cyber Security Systems. In addition, it also includes the current organization of Information Technology...
Words: 4839 - Pages: 20
...Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business's customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant...
Words: 6195 - Pages: 25
...Cyber Security: Physical and Digital Security Measures Abstract Due to the issues associated with cyber security and the appropriate application thereof, this paper will strive to address different cybersecurity measures that may be employed, both physically and digitally. It will identify what cyber security is, measures that may be taken, the tools needed to ensure implementation, and provide information regarding the different resources and programs necessary to work to effect greater success in the application thereof. Keywords: cyber security, physical security, digital security, security measures, definition, tools, resources Cyber Security: Physical and Digital Security Measures Introduction In spite of the increasingly prevalent use of technology in today’s digital world, many organizations find the concept of cyber security to be somewhat of a mystery. As a result of a lack of knowledge or an inability to appropriately apply that knowledge, companies like Target, Home Depot, and even Sony, among others, find themselves faced with security nightmares that could have just as easily been avoided (Yang & Jayakumar, 2014; Home Depot, 2014; Steinberg, 2014). In order to be able to approach cyber security properly, an organization must both have the knowledge necessary to implement a system designed to secure their digitized data and must have the ability to apply that knowledge within the constructs of their systems in order to ensure that a breach does not...
Words: 3485 - Pages: 14
...Moss Bus. 101 1/2/13 Cyber Security Cyber security is defined as actions taken to safeguard information technology or computer systems against unapproved access or attack. Cyber security has become really important for businesses and modern society today. We are living in a world where information technology and other types of communication systems have a great impact on us because they infiltrate every aspect of our lives. This builds a protection of our intangible assets and actions within cyberspace which are of great importance, whether for sustaining a prosperous business, individual life and society. We are becoming more and more dependent upon information technology and the dangers we face are organized and growing. There are numerous threats that involve the cyber world. Among these are the hackers infiltrating into people’s systems and damaging files, viruses that are eliminating the system, individuals using others' devices to harm others, someone pocketing your valuable credit card information to make their own purchase. Attacks from hackers and terrorists have prompted the focus on cyber security. Whenever we mention cyber security, we are focused on the prevention, revealing and reaction to attacks and threats having to do with information in your computers. As mentioned by Prof. Moss, IT security threats are more and more focused on the robbery of valuable data. Frequently, there are malicious codes or malware that pass through our security systems when we access...
Words: 1036 - Pages: 5
...UNIVERSITY Cyber Security Patrice Brockington 4/20/2013 Cyber Security The security of online files, applications, documents, consumer information, and organization information are just some of the valued items that need to be secure from cyber threats. Companies and organizations that utilize the internet to conduct business know all too well the importance of securing the information and any and all information of those that they do business with. Having some general knowledge of what cyber security is and the importance of it is our purpose in this brief. Cyber security is the “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”, as defined by Merriam-Webster.com (Online, 2013). In general practice cyber security is simply securing online information and service systems. If you ever entered your name, address or any personal information online or into some database to win a prize this information is online or somehow accessible via the Internet. It is this type of information that so many millions of people are concerned about if it is secure or not, since it is out on the Internet. “The nation’s critical infrastructure relies heavily on the Internet for everything from submitting taxes, to applying for student loans, to following traffic signals, to even powering our homes” (Government, 2013). This is why cyber security is one of this country’s most important national security priorities...
Words: 645 - Pages: 3
...Cyber Security Student: Maurice Jones Class ISSC461: IT Security: Countermeasures Instructor: Professor Christopher Weppler Date: 2 August 2013 Introduction “In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home (President Barack Obama, 2012).” Technology has changed the total lifestyle of people around the world. Here in the United States, society’s daily lives revolve around social interaction, economic stability, job security and information dominance. Information Dominance is “the degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations other than war while denying those capabilities to the adversary (US Cyber Command, 2012).” Corporations as well as many of the world’s governments have risen and fallen due to their degree of Information Dominance and Information Security. Cyber-attacks have increased exponentially within the last 10 years. Battlefield lines that were once drawn in the sand no longer exist. Cyber-attacks can occur from any location in the world and at any time. A Cyber-terrorist has the ability to use current communication infrastructure to launch an attack that could cripple a nation. In 2012, Defense Secretary, Leon Panetta spoke at the Business Executives for National Security (BENS) summit....
Words: 3217 - Pages: 13
...Computer security and Network Security is the means by which business and governments are protecting against computer intrusions and attack to prevent loss of data, information and provided services. Everything is now on computers, people's whole lives are documented on computers. Big business and the government rely on technologies that use computers, whether it is used for storage, a medium between the customers and themselves or actual work. With all this information and data being stored, transferred and used it needs to be secured. A bank is open to the public; you would not have this bank unsecured would you? There would be security guards, cameras, and a vault. The same mentality to secure your data should be implied if you have a network that is connected to the Internet. You should have software, hardware, and/or personnel monitoring your network's operations and security. All computers and systems that connect to the internet or networks run off software of some type. People called hackers or crackers, manipulate programs, create worms, and viruses to make systems do things they're not supposed to, access places they aren’t allowed, and shutdown or hinder a system from working properly (Dasgupta). Then there are attacks, phishing attacks which come in the form of email that try to lead you to fraudulent sites, Denial-of-service attacks overload servers causing no one to get on or shuts them down. Then there are SQL injection attacks which are used in security vulnerable...
Words: 1949 - Pages: 8