Expert answer:WikiLeaks Case Study

  

Solved by verified expert:CRITICAL THINKING ASSIGNMENT WikiLeaks Case StudyRead the following WikiLeaks case study (linked below and also available through ProQuest in the library).Ryst, S. (2011). WikiLeaks fuels data breach fears. Business Insurance, 45(1), 1-20.The disclosures at WikiLeaks have raised significant concerns about the damage caused by leaks. Some claim that in many ways, the Wiki Leaks founder, Julian Assange, was terrorizing nation states and corporations.What corporate and/or national policy initiative do you think should be put in place in Saudi Arabia to curb such forms of cyberterrorism?Directions:Your paper should be 2-3 pages in length, not including the title or reference pages.Be sure to provide citations from your readings and additional research to support your statements.Your paper must follow Saudi Electronic University academic writing standards and APA style guidelines, as appropriate.You are strongly encouraged to submit all assignments to the Turnitin Originality Check prior to submitting them to your instructor for grading. If you are unsure how to submit an assignment to the Originality Check tool, review the Turnitin Originality Check Student Guide.
proquestdocuments_2018_04_26__1_.pdf

Unformatted Attachment Preview

Don't use plagiarized sources. Get Your Custom Essay on
Expert answer:WikiLeaks Case Study
Just from $10/Page
Order Essay

WikiLeaks fuels data breach fears
Ryst, Sonja . Business Insurance ; Chicago Vol. 45, Iss. 1, (Jan 3, 2011): 1.
ProQuest document link
ABSTRACT
Recent headline-grabbing leaks by WikiLeaks again have highlighted for companies the complex and fast-changing
nature of cyber risk exposures. Although the highest-profile information released by the company has centered on
government documents, concerns have been raised about corporations also becoming the target of potentially
damaging information leaks. Some say the WikiLeaks affair offers lessons for companies in how to avoid the
release of potentially damaging information. Bryan Sartin, director, investigative response and forensics team,
Verizon Business, recommends that companies first consider what data they have and why they have it.
Depending on the business involved, some might not need to maintain their customers’ identifying information
after a transaction is processed. Monitoring employees’ system use also can help identify problems, some experts
say. Khalid Kark, analyst, Forrester Research Inc, recommends that companies use many layers of security rather
than relying on only one.
FULL TEXT
Headnote
Managing systems, employee risks vital
Could you get WikiLeaked? Recent headline-grabbing leaks by the controversial website again have highlighted for
companies the complex and fast-changing nature of cyber risk exposures. Although the highest-profile information
released by WikiLeaks has centered on government documents, concerns have been raised about corporations
also becoming the target of potentially damaging information leaks. For example, Wiki-Leaks founder Julian
Assange told the Times of London in recent weeks that he had enough information to make the head of a major
bank resign. Amid speculation about the identity of that bank, the Charlotte Observer reported in an article titled
“Cloud of Suspense Surrounds Bank of America, WikiLeaks” that Charlotte-based Bank of America Corp. recently
increased its internal security, taking steps to block access to websites such as Google’s e-mail application, Gmail,
on company laptops. A Bank of America spokesman referred a request for an interview to a colleague, who did not
respond. “Every security incident that you hear about makes you think twice about what you’re doing to defend
against those things yourself,” said Steve Elefant, chief information officer at the Princeton, N.J., card payment
processor Heartland Payment Systems Inc. Mr. Elefant was hired to tighten up Heartland’s information security
after it suffered a costly data breach in 2008. Several individuals were indicted in August 2009 for stealing data
from Heartland and others related to more than 130 million credit and debit cards. The company ultimately paid
around $140 million in data breach-related fines and settlements, though it was able to recover tens of millions in
insurance proceeds, Mr. Elefant said. Heartland has made changes designed to protect it against further data
breaches, including end-to-end data encryption and other steps that make it much more difficult, if not impossible,
to get from its corporate network into the payment network, where transactions are processed. The networks now
are more segmented, physically and logically, so that type of communication can’t take place. “There’s more
awareness about (data breach prevention) among companies,” said Nicolas Christin, associate director at the
Information Networking Institute at Carnegie Mellon University in Pittsburgh. “They’ve clarified their policies with
respect to data breaches, and they’ve made it clear to their employees that this can be a potential problem,” he
said. Some say the WikiLeaks affair offers lessons for companies in how to avoid the release of potentially
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 1 of 4
damaging information. Bo Holland, founder and CEO of the identity protection network Debix Inc. in Austin, Texas,
said existing data regulations are centered around protecting consumers’ information, such as Social Security and
credit card numbers, rather than protecting corporate intellectual property. “WikiLeaks, I think, has done a lot to
raise attention to this issue, but the government regulations aren’t focused in that direction,” Mr. Holland said.
Harlan Loeb, director of U.S. crisis and issues management at the public relations firm Edelman Inc., said
companies should attempt to understand employee concerns and head off problems that might drive the staff to
leak information to third parties. Mr. Loeb cited the example of an energy company that had contacted him after an
employee threatened to disclose damaging information to the press. The employee had raised his concerns about
a pricing issue three or four times to his manager, who essentially ignored him, Mr. Loeb said. The company’s chief
financial officer intervened, dealing directly with the employee to address what was a misunderstanding. “The
manager was so driven by his ego about being questioned that he missed the opportunity to explain something
straightforward,” Mr. Loeb said. Nearly half of data breaches involve insiders, and nearly one-quarter of those
involve individuals who recently experienced a job change, such as termination, resignation or demotion, according
to the “2010 Data Breach Report” from Verizon Business and the U.S. Secret Service. In addition, roughly half of the
breaches in 2009 involved the use of organizational resources or privileges for purposes contrary to those
intended-actions typically done in ignorance of policy or for the sake of convenience, personal gain or malice,
according to the report. Managing data risks In addition to being sensitive to employee concerns, companies can
take various steps to keep closer tabs on their information-and those handling it. Bryan Sartin, director of the
investigative response and forensics team at Verizon Business, recommends that companies first consider what
data they have and why they have it. Depending on the business involved, some might not need to maintain their
customers’ identifying information after a transaction is processed. For example, some companies use a system in
which information from customer credit card transactions is sent out to a so-called black box maintained by a
third-party service provider, which then sends it onward to the payment processor for authorization and
settlement. Customer credit card data, therefore, never resides in the company’s own computer systems. When
sensitive data must be maintained, proper training of employees is vital, experts say. Daniel Groszkruger, a risk
manager at Stanford University Medical Center in Palo Alto, Calif., said his team emphasizes the need for training
to include lessons on importance of keeping patient information confidential. “Employees, particularly new ones,
could be ignorant about the risk and almost innocently disclose information that they shouldn’t,” he said. Kevin
Kalinich, national managing director for cyber liability for Aon Risk Solutions, a unit of Chicago-based Aon Corp.,
said companies often mistakenly assume their employees will cooperate on cyber security procedures. For
example, the information technology department might make sure nobody can get onto computer networks
without a password, but such steps are lacking if employees never bother to change their default passwords into
something that is less easily hacked. To solve that problem, the company might make its computer system lock
people out unless they change their passwords every 90 days-but then more than one-fifth of the staff will begin
writing their passwords on sticky notes to leave in plain sight near their monitors, he said. The “most common
mistake” is inadequate education and monitoring of employees, Mr. Kalinich said. Monitoring employees’ system
use also can help identify problems, some experts say. Mr. Sartin said he recently met with a company that made a
list of the top 10 Internet users in the company-measured by time spent online-and asked those employees why
they were using the Internet so much. “Something that simple will probably spread the word fast that Big Brother is
watching” the staff’s network activity, Mr. Sartin said. Monitoring essential Mr. Sartin said many companies invest
in resources to enable monitoring, but then they check their logs only for trouble-shooting. Better monitoring, he
noted, can help identify problems. “Security monitoring is never something done proactively,” he said. “It always
happens reactively to a problem.” Most of the time, Mr. Sartin’s team doesn’t even need to do forensics to figure
out why a company had a data breach, and instead they end up finding evidence of little problems in the logs that
the clients hadn’t recognized for many months. For example, he said that examining network logs might reveal
suspicious outbound traffic, such as a heavy amount of data being transferred to the same Internet Protocol
address every day between 2 a.m. and 3 a.m. Or someone might have connected to the corporate network from a
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 2 of 4
country where the company has no employees. There are a plethora of security services and tools to help
companies prevent unauthorized access and misuse of their information, but companies need to think carefully
before just throwing money at a problem, some caution. “Many security managers proudly exhibit the latest and
greatest security tool. You may have bought cutting-edge technology with lots of bells and whistles, but don’t
assume that it will automatically protect you from changing threats,” Khalid Kark, analyst at Cambridge, Mass.based information technology research firm Forrester Research Inc., said in an August research note. He
recommends that companies use many layers of security rather than relying on only one. “You always need
complementary people, process and technology controls,” he said.
DETAILS
Subject:
Leaking of information; Data integrity; Risk management; Electronic monitoring;
Guidelines
Location:
United States–US
Classification:
9190: United States; 5140: Security management; 5220: Information technology
management; 9150: Guidelines
Publication title:
Business Insurance; Chicago
Volume:
45
Issue:
1
Pages:
1
Number of pages:
1
Publication year:
2011
Publication date:
Jan 3, 2011
Publisher:
Crain Communications, Incorporated
Place of publication:
Chicago
Country of publication:
United States, Chicago
Publication subject:
Insurance, Business And Economics
ISSN:
00076864
CODEN:
BUINEW
Source type:
Trade Journals
Language of publication:
English
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 3 of 4
Document type:
Feature
ProQuest document ID:
839762239
Document URL:
https://search.proquest.com/docview/839762239?accountid=142908
Copyright:
Copyright Crain Communications, Incorporated Jan 3, 2011
Last updated:
2011-01-17
Database:
ProQuest Central
Database copyright  2018 ProQuest LLC. All rights reserved.
Terms and Conditions
Contact ProQuest
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 4 of 4

Purchase answer to see full
attachment

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code ESSAYSHELP