Re: NIIT_MIS_FALL_2007 Assignment 2 by nawab ali


Ahmad Ali

Oct 4, 2007, 9:34:03 AM
to mis_niit_...@googlegroups.com

Ahmad Ali Gul

Reg#115

 

In the case study given to us, 'Boss, I Think Someone Stole Our Customer Data', we see the top administration of an electronics company that finds itself a victim of a security breach, one that seems to invite lawsuits from customers, investors, and banks and a long-lasting stain on the reputation and trust established by the company with its customers.

 

After reading the case study, I've a few points to add:

 

For the administration of Flayton Electronics, as well as many other such companies out there, information security is a new domain and different from the conventional concept of security. Dealing with it therefore means the company should have the knowledge, the infrastructure and the expertise in information security and also an effective strategy to minimize losses in case such a breach may occur.

 

According to the case study, Flayton Electronics had not fully complied with the PCI security standards, but we also realize that a silver bullet for all information security issues does not exist in a world where hacking has evolved into becoming one of the largest organized crimes with access to cutting-edge tools and skills.

 

The case also shows that the company lacked the appropriate expertise in the information security field; in my opinion they should have hired the expertise from an information security consultancy firm, if not dedicating a separate department for the purpose.

 

Brett should have formulated a crisis management team to immediately deal with the problem, curtail the losses and formulate a recovery strategy. And in the long run a security taskforce that would have better ties with the banks and the authorities so that an incident like this can be identified even sooner possibly helping in catching the ones responsible for it.

 

We must also consider the organizational structure and the level of access each employee has to the information that can be of value to any outside party; this can be implemented using encapsulation and modular/custom views for all employees of the company to make sure no one has more access to the information than he needs to.

 

Regular background checks should have been performed and security clearance issued for all employees on a regular basis.

 

The idea of educating and training the employees of the company, to make them aware of the perils of information security is also important.

 

I agree with John Philip's note on how appropriate customer handling can lessen the loss to the repute of the company and as a consequence turn affected customers more loyal (when they know the company takes its security seriously and prioritizes its customers above all else).

 

 



----- Original Message ----
From: "ali.n...@gmail.com" <ali.n...@gmail.com>
To: MIS_NIIT_FALL_2007 <mis_niit_...@googlegroups.com>
Sent: Thursday, October 4, 2007 5:51:12 PM
Subject: NIIT_MIS_FALL_2007 Assignment 2 by nawab ali



                              Nawab Ali
                              BIT 7



"Boss, I Think Someone Stole Our Customer Data"

                                This case study is discussing the
security issues faced by the company "Flayton Electronics". The
company's customer data has been illegally stolen by someone. The
company's vice president "Laurie Benson" is really worried about the
loss and discussing with the company's security chief and the human
resource manager.
"My Views about the Case Study"
I concluded the following points from the case study:
1. Someone has stolen the credit card information, social security
number, bank account number and even hacked e-mail addresses of the
customers, which shows that the company is not taking care of the customer
data or a breach has occurred due to the internal culprits in the
company. In my view the company should have a check over the internal
and external malicious attackers.
2. The company should have proper "Crisis Management".
3. Proper steps should be taken for the data security.
4. Customers should be given the proper assessments for the mistakes
done by the company's authorities which cause loss to the
customer.
5. Skilled people for managing the electronic data should be hired by
the company.
6. Proper firewall for the computers providing online data should be
provided.

                  A company should provide proper security for the
data, crisis management and customer care should be provided by the
company.




Ijaz Ahmad Qureshi

Oct 5, 2007, 7:34:50 AM
to mis_niit_...@googlegroups.com

Hello Mr. Nawab,

Thank you, totally agree that lack of expertise by Laurie and check/balance has been an issue.

Thanks,

Ijaz
