The Necessary Security Procedures

Added on -2020-02-19

| 11 pages| 2541 words| 50 views

Trusted by 2+ million users,
1000+ happy students everyday

Showing pages 1 to 4 of 11 pages

Running head: INFORMATION SECURITYAssessment [Student Name Here][Institution’s Name Here] [Professor’s Name Here][Date Here]
INFORMATION SECURITY2Table of ContentsPart A: Verizon attack (July 21).......................................................3What was the problem?......................................................................3How and why it occurred...................................................................4Solution..............................................................................................5Part B: Ransomware attack (May 2017)..........................................5The problem.......................................................................................6Those affected and how.....................................................................6How the attack took place..................................................................7Solution..............................................................................................8References..........................................................................................10
INFORMATION SECURITY3Part A: Verizon attack (July 21)Earlier on in the year, Verizon the telecommunication company was subject to one of thebiggest data breaches in the world. The company’s systems were severely exposed whichleaked millions of records owned by the company’s customers. The company, however, didassure its customers that the attack did not present any serious threat as it was contained andisolated based on their operational systems[ CITATION Pac17 \l 2057 ].What was the problem?Verizon has for many years offered telecommunication services to customers and withmobile communication on the rise, its services have had an increased application which hassubsequently increased the data the company accesses. This data was fairly exposed aftersome systems owned by the organization was left unattended lacking the necessary securityprocedures. At the start of the breach, investigators highlighted that records owned by 6million customers were exposed. However, this number later doubled and increased beyondthis number as highlighted by independent research investigations. In the final estimate, theleak claimed over 14 million victims as their information was publicly available to the public[CITATION Dea171 \l 2057 ].In essence, the data breach affected the customer service department where clients regularlycontacted to have their queries and problems solved. This leak was therefore outlined to haveaffected all customers who had been in touch with the company in the six months prior to thedata leak. Moreover, the leak was contained to the department as isolated systems were usedto control the customer care service as compared to all other services. Nevertheless, the leakexposed a fair amount of sensitive information including addresses, names and contactdetails. Moreover, some customers access pins were exposed as they had been used themduring the communication exercise[ CITATION Ver171 \l 2057 ].
INFORMATION SECURITY4How and why it occurredImmediately after the breach was discovered by an independent researcher, Verizon placedfull blame for the breach on an independent service provider who had been contracted tohandle the customer care facilities. In their statements, Verizon highlighted a company by thename Nice Systems as the responsible party in the events that unfolded. Furthermore, theorganization had been using a cloud facility hosted by Amazon Web Service (AWS) whichhelped integrate all the communications between its customers and itself. Now, it was Niceresponsibility to maintain and regulate the operations of the cloud server, a duty that theyfailed and which led to the leak[ CITATION McA17 \l 2057 ].On Nice Systems behalf, the company’s outcome was propagated by a negligent employeewho failed to secure the cloud infrastructure which left all the data stored in the AWS serversexposed. The leak uncovered a lot of information which led to the discovery of the amount ofinformation entrusted to a third party member who had no direct contact with the customerthemselves. Moreover, after several investigations were conducted, the leak was discoveredto have exposed the company’s log records where each and every communication wasoutlined. These log records contained unencrypted information that was available to thepublic in clear text format which also accounted for minimal redactions as it was earlierthought. In the end, records containing contact information, access PINS and customers’account balance was exposed [ CITATION Kum17 \l 2057 ].Vulnerability used: Although cloud services are easy to maintain and manage, their securitypolicies require intricate procedures to secure their structures and infrastructures. ForVerizon, these procedures were not implemented at the time of the breach which highlightedthe failure of the organization as its actions (sub-contracting another company) led to theproblem. Moreover, the parties involved also facilitated the attack as there was minimalaccountability based on the hands that the information was exchanged. The data was

Found this document preview useful?

You are reading a preview
Upload your documents to download
or
Become a Desklib member to get accesss

Premium

$45

Q&A Library Access

Chat support

12

Document Unlocks

4

Answer Unlocks

Students who viewed this