Case Study – Sony Pictures “The Criminal Won”
Responding to an anonymous threat found on the internet and the elements I would require before canceling the film
The most reasonable way to respond to an anonymous threat found on the internet in this scenario is to improve security, which would entail developing a security strategy, improving infrastructure, developing policies, and training company staff (Pearlson & Saunders, 2016). A security strategy would be the top priority and would involve setting up strong internal security controls. This would help ensure that the threat is eliminated successfully and that similar threats are prevented in the future. The main internal security controls to consider are preventative, detective, and corrective controls. Preventative controls focus on preventing the occurrence of a security threat. Musa (2018) argues that detective controls focus on detecting a threat so that it can be eliminated before it causes a lot of damage to the organization, while corrective controls focus on controlling a threat by modifying software, enacting new policies, and taking disciplinary action against those involved in causing the threat.
Canceling a film is a huge decision that requires a thorough review and reconsideration to ensure that there are no regrets after the decision is made. One of the elements that I would require before canceling the film if I were Sony’s CEO is to gather evidence to prove that there was a breach in the company’s security. Another element is whether the threat has any serious long-term impacts on the company’s production and whether it can be effectively eliminated to ensure that the film is produced as planned. If I were the CEO of a chain of theaters, I would focus on delaying the film’s release to ensure that there is enough time to determine whether the threat is valid or not. I would also request Sony to provide information on the findings of their security assessment to determine whether the evidence they have is strong enough to cancel the film.
Recommended access and data protection controls to offer better security for unreleased digital films and e-mails
Sony needs to consider various access and data protection controls to offer better security for unreleased digital films and e-mails. The first is providing security training to its staff to ensure that they are aware of the procedures they need to follow to prevent security threats. The training should also include information on how to detect a threat and eliminate it before it interferes with the systems in the organization. The second control that Sony could implement is a policy that bans company users from accessing the company servers with their personal computers. The third control is setting up firewalls that prevent access to the company servers from external sources. According to Keyser (2018), firewalls need to be strong enough to withstand any attack, including internal attacks that may be caused by employees’ activities, such as accessing unprotected internet sites using company computers.
The approach I would use to break into Sony’s systems and the most important SETA elements for preventing future hacker attacks against other media firms or Sony
In the current digital world, breaking into a company’s system is easier when a hacker focuses on taking advantage of the curiosity of internet users. I would therefore consider phishing attacks to gain access to Sony’s system. My approach would be sending e-mails to employees with links that redirect them to their sites, and once they click on the link, I can access their personal information. I can then use this information to access their computers and gain access to Sony’s system.
Given Sony’s vulnerability to security threats due to the company’s continued growth in the entertainment industry, there is a need to stay prepared to deal with future attacks. The most vital SETA elements for counteracting future attacks against Sony or other media firms are security awareness and training. Security training should focus on providing information on how to detect and prevent security attacks, while security awareness should focus on the different types of security threats that a company may be exposed to.
References
Keyser, T. (2018). Access controls. The Information Governance Toolkit, 78-82. https://doi.org/10.1201/9781315385488-19
Musa, N. (2018). A conceptual framework of IT security governance and internal controls. 2018 Cyber Resilience Conference (CRC). https://doi.org/10.1109/cr.2018.8626831
Pearlson, K., & Saunders, C. (2016). Managing and Using Information Systems. John Wiley & Sons.
Question
Case Study 7-2: Sony Pictures “The Criminal Won”. Please read the case at the end of Chapter 7 (Page 164). Please answer all questions at the end of the case (see below). This should be at least two full double-spaced pages. Use APA formatting to reference your textbook and at least one additional scholarly source to demonstrate critical thinking. See the assignment rubric for how you will be graded. Here, you will find some practical information about APA style and formatting and how to use APA in your assignments and discussions. http://berkeleycollege.libguides.com/APA
Case Study Questions
Setting aside the political issues between North Korea and the United States, is there a reasonable way to respond to an anonymous threat found on the Internet somewhere? What elements would you require before canceling the film if you were Sony’s CEO? If you were CEO of a chain of theaters?
What access and data protection controls would you recommend Sony use to provide better security for unreleased digital films and e-mails?
If you were a hacker, what approach would you have used to break into Sony’s system? What do you think are the most important SETA elements to prevent future hacker attacks against Sony or other media firms?