Case Study – Losing Data
Analyze the “Losing Data Hurts” case study following the conclusion of Chapter 9 in the textbook, and then address the prompts below.
- How should a corporation respond to a large-scale loss of customer data?
- How might a corporation be hurt by acknowledging a large-scale data loss?
- As data loss admissions become more widespread, how could they affect consumers’ willingness to share information with corporations?
- How should a corporation decide the appropriate level of resources to devote to securing its data?
- Why is the health care sector such a big target for data thieves?
- Why are corporations worried about insider threats with respect to data loss?
- Why have the incidents of data loss seen a rise in the past few years?
- Determine how using auditing tools can help prevent data losses.
- Determine how to have standard and sufficient policies for securing data.
Organize your information, and present it in a well-organized two-page paper. If outside sources are used, please adhere to APA Style when creating citations and references for this assignment. APA formatting, however, is not necessary.
Textbook
- Boyle, R. J., & Panko, R. R. (2020). Corporate Computer Security (5th ed.). Pearson Education (US).
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question
Losing Data Hurts: Case Study Analysis
Response to Extensive Loss of Data
In the event of extensive data loss, a corporation should respond quickly and openly to prevent the loss of additional trust. Initial reactions should include notification. It is very important to notify the affected customers as quickly as possible, which VUDU did. The notice given to customers should contain an explanation of the breach, the types of information exposed, and the measures the corporation is taking to rectify the problem. Support and mitigation are another step. Credit monitoring is the best way to safeguard consumers from identity theft and monetary losses. Improving physical and information security controls to help prevent recurrence is also critical. There must be open communication about steps being executed post-breach to reassure customers and stakeholders that a corporation is serious about data security.
Possible Damage from Admitting Data Loss
Data breach admission can be harmful for a corporation in many aspects like the loss of reputation. Making it public can result in the loss of customers’ trust and loyalty, which can affect the brand image and reputation of the company.
Case Study – Losing Data
Secondly, financial burden. The costs of notification, litigation, settlement fines, and potential business loss are high. Lastly, competitive disadvantage. Admission to the loss of data could reveal the possible weakness that could be targeted by competitors.
Impact on Consumer’s Willingness to Share their Information
With the increased frequency of admissions to data loss, consumers might become cautious about revealing their information. This may lead to the following less sharing of data. The consumers become conservative both in terms of volume and sensitivity regarding the information they would now share with corporations, affecting data-driven business models. Customers may also demand better security measures: Increased awareness among consumers may compel corporations to take more stringent measures for data protection to regain and build trust.
Determining Appropriate Level of Resources for Data Security
Corporations should base the level of resources devoted to data security on several factors.
Data Sensitivity
The higher the sensitivity (for example, financial or health-related information), the higher the need for security investments.
Regulatory Requirements
Standard setting by industries defines what compliance measures are necessary for security.
Threat Landscape
Being aware of existing and potential threats guides the best decision-making in the provision of resources to counter them
The Healthcare Sector as a Target
The health sector has remained among the prime targets of cybercriminals because health information has a tremendous value in the black market. Health information might contain vast amounts of personal data, such as social security numbers, insurance information, and medical histories, which may be utilized in ID theft or fraudulent billing. Moreover, health care is an industry that involves very slow adoption of the most advanced security measures, hence a simpler target for cybercriminals. The high volumes of data generated and stored by any healthcare provider, coupled with the urge to access information rapidly to treat a patient, are issues that complicate the situation of security measures by adding vulnerabilities that can be exploited by the attacker.
Issues over Insider threats
Corporations are becoming increasingly concerned about insider threats with respect to the loss of data because employees, contractors, or any other insiders have legitimate access to sensitive data and systems. Insider threats can be due to malicious intentions, such as a disgruntled employee seeking revenge, or due to negligence, such as an employee inadvertently disclosing confidential information. The drop in insider threats, as reported by KPMG (2012), is a welcome trend, but the risk is still very real. Since insiders can bypass security controls against an external threat, unauthorized access to data and its exfiltration can hardly be detected and prevented.
Rise in Cases of Data Loss
The rising rate of incidents of data loss in recent years can be attributed to a few factors. Digitization of information has increased, and organizations are becoming more reliant on cloud services and interconnected systems, increasing their attack surface to cybercriminals. The techniques of cyberattacks have also evolved, with hackers now getting into corporate networks and stealing data in a very sophisticated manner using advanced techniques such as social engineering, phishing, and ransomware. The rise of connected devices to the internet and IoT opened up new vulnerabilities that can be attacked. Moreover, statutory provisions mandating the reporting and disclosure of data breaches have raised public awareness. Accordingly, the incidents are reported, which creates the perception of an upward trend of data loss events.
How Auditing Tool can prevent Data Loss
Auditing tools can prevent data losses by monitoring the users’ and systems’ activities for any undue behavior or security breaches. Modern auditing tools make their user base see who accessed which data and when thus quickly letting organizations respond to anomalies. This means that changes to data and system configurations can be tracked, hence ensuring conformance to security policies and regulatory requirements. The auditing tools also facilitate forensic investigations in the event of a security breach by providing detailed logs of the activities performed by users and indispensable evidence for corrective measures and improvement in policies (Boyle & Panko, 2020).
Developing Data Security Policies
Standard and adequate policies for data security are necessary for preventing data loss. Large enterprises should have fully developed data security policies covering all aspects of data protection, including access controls, encryption, classification of data, and reaction in case of incidents. The policies should, from time to time, be reviewed for updating in view of evolving threats and regulatory changes. Employee training and awareness programs are of much importance to let the staff know their roles and responsibilities toward the safeguarding of data. Besides, an effective risk management framework can help firms identify and reduce these threats, thus lowering the chances of data loss incidents.
References
Boyle, R. J., & Panko, R. R. (2020). Corporate computer security (5th ed.). Pearson Education (US).
KPMG LLP. (2012). Data Loss Barometer: A Global Insight into Lost and Stolen Information. http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/data-loss-barometer-2012.pdf
Complete the order form and upload all of your files, including any instructions, rubrics, or other materials provided by your instructor. 
Complete the order payment after filling in the order form. We’ll receive your order and assign it to a writer.
The assigned writer will complete your paper and forward it to our Editing Team for review and approval.
Once approved by the editor, the completed paper will be uploaded to your account for you to download, review and approve.