Case Study: Security Audit and Testing of Fortius Hotel Data Breach

Added on  2022/08/29

AI Summary
This report presents a security audit and analysis of the Fortius Hotel data breach, examining the legal, ethical, and social implications of the incident. The breach, which compromised customer data including credit card and passport information, is explored in terms of its impact on customers and the company's reputation. The report identifies security concerns such as network weaknesses, lack of proper security policies, inadequate encryption, and insufficient employee training. It discusses tools like Paessler PRTG Network Monitor and Nmap for network mapping and vulnerability scanning. Recommendations include implementing firewalls, developing comprehensive security policies, encrypting data securely, training employees, and installing robust security software to prevent future data breaches. The report emphasizes the importance of the CIA triad (confidentiality, integrity, and availability) and the need for proactive security measures to protect sensitive customer information.
Running head: SECURITY AUDIT AND TESTING
SECURITY AUDIT AND TESTING
Discussions
1. A data breach is the intentional or unintentional release of secure information to an
environment that is not trusted. A data breach is also known as a data leak, information
leakage or a data spill. The article deals with the data breach at the Fortius chain of
hotels. Various legal, ethical and social implications are related to the Fortius data
breach.
Legal implications
The data breach at the Fortius chain of hotels has had harmful impacts on the hotels'
customers, as their personal details and credit card numbers were stolen. There are several
legal implications behind the data breach. When data or security is breached, the company
could be open to a civil lawsuit. This means that the management or the owner of the company
should hire a lawyer and, at the same time, take other measures such as informing the
customers that their data has been stolen. The company should hire a lawyer in order to
prevent unwanted litigation, but the lawyer must have appropriate knowledge of the problems
(Beaudin 2017). The company should contact various professionals in order to put into effect
a plan for controlling the harm from the data breach. This can avoid lawsuits from customers
who are angry that their data has been stolen, and liability arising from the actions of the
employees. There are data breach laws that say that companies should report data breaches
within 30 days, and if any company wilfully and intentionally conceals a data breach, it will
be penalised and the management of the company can go to jail.
Ethical implications
The organization should uphold the confidentiality and the integrity of its customers'
information. This is very important for the Fortius Company because, in this data breach, the
hackers stole all the personal information and the credit card numbers. Here, the ethical
considerations come into play. The customers trusted the company and provided it with their
personal information and credit card numbers. The company should have acted ethically and
protected their information. The company should have recognised that it held all the
information of its customers and that it should properly safeguard this sensitive information
(Gupta 2018). However, it did not do so, and the information and the credit card numbers
were hacked. The company should have followed the CIA triad, that is, the confidentiality,
integrity and availability of the information. It should have properly protected the data
of its customers. The hackers do not have ethics, which is why they hacked the database
of the Fortius Company and breached the data.
Social Implications
The social implications of the Fortius data breach are that the customers will lose trust in
the company and the reputation of the company will be damaged. The loss of confidence and
the customers' changed view of the company will leave a dark cloud over its reputation and
will create long-term complications (Curtis et al. 2018). The breach had a damaging effect
on the customers of the company. People's passport and credit card numbers were stolen, with
disastrous personal effects. With the credit card numbers and the passport numbers, the
hackers can perform identity theft and can take money out of the customers' bank accounts.
This is one of the most critical social implications of the data breach.
2. The tools that the company can use to map its network include Paessler PRTG Network
Monitor and Nmap. The company can use Paessler PRTG Network Monitor to map the network of
the Fortius Company (Mistry et al. 2016). This network monitoring tool can help the company
make sure that its computer systems are running smoothly. PRTG will help to administer the
servers, the applications and the network of the Fortius Company. It uses SNMP to map the
network and track changes in it.
Nmap, or Network Mapper, is an open source tool that the Fortius Company can use for
vulnerability scanning and network discovery. The company's network administrators can use
Nmap to recognise the devices running on the network, identify hosts, discover open ports
and detect security risks (Lyon 2016). The company can use this software for the security
audit, and this will help the company prevent further data breaches.
3. The security concerns of the company include the weakness of its network, the need for a
proper security policy, appropriate encryption of the customers' information, proper
training of the employees and updated security software.
The company has no security in its network, and that is the reason the hackers were able to
enter the network and breach the data (Jian 2018). The company must implement firewalls in
the network so that it can minimize the traffic and prevent unauthorized access. The company
must put this primary security in place.
The company does not have proper security policies, and this is an important security
concern (Safa, Von Solms and Furnell 2016). The company must devise a proper security policy
that consists of several other policies, such as password policies, access control policies
and many more.
The company has properly encrypted the information of the customers, but the keys were
stored on the same server. This made the data breach easier. The company must properly
encrypt the data with the help of digital signatures, and the encryption keys must be
stored on different servers.
From the data breach, it can be concluded that the employees of the Fortius Company do not
have proper training regarding data breaches. It is recommended that the company provide
training to the employees regarding data breaches and the measures that must be taken
against them.
From the data breach, it can be inferred that the company does not have strong security
software (Kumar et al. 2017). It is recommended that the company install security software
such as anti-spyware, anti-ransomware and many more, install patches in its applications
and update its software in a timely manner.
References
Beaudin, K., 2017. The Legal Implications of Storing Student Data: Preparing for and Responding to Data Breaches. New Directions for Institutional Research, 2016(172), pp.37-48.
Curtis, S.R., Carre, J.R. and Jones, D.N., 2018. Consumer security behaviors and trust following a data breach. Managerial Auditing Journal.
Gupta, A., 2018. The Evolution Of Fraud: Ethical Implications In The Age Of Large-Scale Data Breaches And Widespread Artificial Intelligence Solutions Deployment. International Telecommunication Union Journal, 1, pp.0-7.
Jian, Z.H.A.N.G., 2018. The Application of Firewall Technology in Computer Network Security. Modern Information Technology, (5), p.67.
Kumar, S.V., Yashashwini, V., Anusha Pai, G. and Yuvaraju, B.N., 2017. Security of the Network Based on Duration of Attacks. Int’l Research Journal of Engineering and Technology (IRJET), 4(4), pp.2315-2318.
Lyon, G., 2016. Nmap: The network mapper–Free security scanner. Nmap.org.
Mistry, D., Modi, P., Deokule, K., Patel, A., Patki, H. and Abuzaghleh, O., 2016, April. Network traffic measurement and analysis. In 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT) (pp. 1-7). IEEE.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.