University Case Study: Facebook's Data Breach and InfoSec Awareness

Added on  2023/05/28

AI Summary
This case study examines the Facebook data breach of 2018, which exposed the personal information of over 87 million users, highlighting significant vulnerabilities in the platform's security infrastructure. The study explores the context of the breach, detailing how attackers exploited weaknesses in Facebook's code to access user accounts and data. It analyzes Mark Zuckerberg's response, including his public apology and acknowledgement of insufficient information security awareness programs within the company. The analysis references the importance of a robust information security awareness program, including the need for clearer privacy policies, interactive user sessions, and stronger encryption measures. The study emphasizes the critical need for social networking sites to prioritize the security of user data and the proactive measures that should be taken to prevent future breaches. It also evaluates the significance of gap analysis to identify and address program deficiencies.
Running head: FACEBOOK AND MARK ZUCKERBERG
Facebook and Mark Zuckerberg Recent Case Study
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction
Literature Review
Brief Idea of Case Study
Information Security Awareness
Conclusion
References
Introduction
Information security, or InfoSec, is the practice of preventing unauthorized
access, use, disclosure, modification, disruption, inspection, destruction or
recording of information (van Loenen, 2015). This information may take any
form, physical or electronic. The major focus of information security is the
balanced protection of the CIA triad (confidentiality, integrity and availability).
The following literature review explains the recent case of data leakage at
Facebook and Mark Zuckerberg's point of view regarding information security
awareness.
Literature Review
Brief Idea of Case Study
According to Isaac and Frenkel (2018), in September 2018 Facebook was accused of
a network exposure after leaking the personal information of more than 87 million
users. This breach is considered the largest in the 14-year history of the web site.
The attackers exploited a feature in Facebook's code to gain access to users'
accounts and potentially take control of the features. Senior executives had
testified several times that year, and some lawmakers suggested that the
government would need to step into the matter if the social networking web site
could not get tight control of its services. Mark Zuckerberg, the CEO of Facebook,
began a two-day congressional inquisition on Tuesday with a public apology for the
data leakage scandal.
Information Security Awareness
As evaluated with the CRAAP test, Peltier (2013) sets out the correct ideas in his
book, explaining that information security awareness is the evolving part of
information security that focuses on raising consciousness of every potential
threat to rapidly evolving forms of sensitive data, in particular threats that
target human behaviour. As these threats have grown in the technological world and
information has increased in value, hackers have been able to increase their
capabilities and expand to broader intentions or act on diversified motives. As
the processes and controls of information security mature, the attacks mature as
well in order to circumvent these procedures or controls (Kajzer et al., 2014).
This type of awareness can easily detect any type of issue or breach of information
security within the organization and hence is regarded as one of the most
significant requirements for any organization or web site.
The Facebook data leakage case study clearly demonstrates the importance of
information security awareness for social networking sites. After checking the
validity and accuracy of Tsohou et al. (2015) with the CRAAP test, it is evaluated
that the confidential data of more than 87 million users were leaked in public and
thus the Facebook web site was under major threat. Due to the lack of information
security awareness, the attackers were able to crack the security code and obtain
the relevant and sensitive data. The CEO of Facebook, Mark Zuckerberg, apologised
for the data leakage scandal and admitted the lack of an information security
awareness program within his web site. This type of awareness program covers
awareness of data, users' conduct, social media, the use of mobile phones, phishing
e-mails and various kinds of malware and viruses (Crossler et al., 2013).
Furthermore, the privacy policies were extremely complicated, and hence the diverse
87 million users failed to understand the regulations of Facebook. Privacy policies
should be absolutely clear, short and more standardized to enable better comparison
and comprehension of various privacy practices.
Facebook could even create interactive sessions with users to discuss threats and
security. The encryption layer of this social networking site was much weaker than
expected and hence the SSL, or Secure Sockets Layer, was easily cracked by the
attackers and the data got leaked (Isaac & Frenkel, 2018). An information security
awareness program is highly required in this scenario to make the data more secure
against several attempts. Mark Zuckerberg should hire security authorities to
perform a gap analysis to find the program deficiencies.
Conclusion
Therefore, from the above discussion, it can be concluded that information security
awareness is one of the most important and significant requirements for a social
networking site, since web sites of this type are responsible for storing the
confidential information and data of several users. However, recently the data of
more than 87 million users of Facebook were leaked in the cloud and hence the
information security of those data was at stake. The above literature review has
described information security awareness in this particular case study of Facebook,
together with the point of view of Mark Zuckerberg.
References
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R.
(2013). Future directions for behavioral information security research. Computers &
Security, 32, 90-101.
Isaac, M., & Frenkel, S. (2018). Facebook Security Breach Exposes. Retrieved from
https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
Kajzer, M., D'Arcy, J., Crowell, C. R., Striegel, A., & Van Bruggen, D. (2014). An
exploratory investigation of message-person congruence in information security
awareness campaigns. Computers & Security, 43, 64-76.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2015). Managing the introduction
of information security awareness programmes in organisations. European Journal of
Information Systems, 24(1), 38-58.
van Loenen, J. (2015). Information security awareness. Research World, 2015(54), 53-53.