7116IBA Data Resource Management: JPMorgan Data Breach Report
VerifiedAdded on 2022/10/04
|17
|4250
|13
Report
AI Summary
This academic paper delves into the critical issues surrounding Data Resource Management (DRM), specifically addressing the challenge of data breaches. The paper initiates with an overview of the significance of DRM in the context of modern information technology, highlighting the vulnerability of personal data. A literature review provides an in-depth analysis of data breaches, with a particular focus on the case of JPMorgan. The paper then presents the outcomes of these data breaches, as they pertain to JPMorgan, along with a discussion of potential solutions and preventative measures. The paper includes a case study of JPMorgan, which provides real-world examples of data breaches. It explores various solutions that can be used by JPMorgan to protect against data breaches, emphasizing the importance of data segregation, the Principle of Least Privilege, investing in security programs, and providing security awareness training. The paper concludes with suggestions for future work in the realm of data security and management, offering a comprehensive perspective on the topic.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: DATA RESOURCE MANAGEMENT/71161BA
DATA RESOURCE MANAGEMENT/71161BA
Name of the Student
Name of the University
Author Note
DATA RESOURCE MANAGEMENT/71161BA
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1DATA RESOURCE MANAGEMENT/71161BA
Table of Contents
Introduction......................................................................................................................................3
Literature review..............................................................................................................................3
Results..............................................................................................................................................7
Suggestions for future work.............................................................................................................8
Conclusion.....................................................................................................................................12
Table of Contents
Introduction......................................................................................................................................3
Literature review..............................................................................................................................3
Results..............................................................................................................................................7
Suggestions for future work.............................................................................................................8
Conclusion.....................................................................................................................................12
2DATA RESOURCE MANAGEMENT/71161BA
Abstract
This academic paper describes the issues related to Data Resource Management. In this
particular, the chosen issue for DRM is Data breaches. In this paper a literature review of data
breaches is discussed for JPMorgan. It describes the result or outcome of the data breaches which
is applicable for JPMorgan. This paper discusses the possible solution of the data breaches which
can be used by JPMorgan.
Abstract
This academic paper describes the issues related to Data Resource Management. In this
particular, the chosen issue for DRM is Data breaches. In this paper a literature review of data
breaches is discussed for JPMorgan. It describes the result or outcome of the data breaches which
is applicable for JPMorgan. This paper discusses the possible solution of the data breaches which
can be used by JPMorgan.
3DATA RESOURCE MANAGEMENT/71161BA
Introduction
Modern Information technology provides the collection as well as storage of bulk amount
of information of the personal data. That why Data resource management plays a vital role in this
particular case. It deals with computer science as well as information systems (Angst et al.,
2017). It is recommended that data breaches gathered huge amount of personal data (Angst et al.,
2017). The protection for this type of data is not sufficient at all. This paper discusses the data
breaches of JPMorgan. This paper proceeds with the literature review of data breaches for
JPMorgan. This paper discusses various kinds of solutions that can protect data breaches of
JPMorgan (Evans, 2015). This paper describes the result of the data breaches. This paper also
shares the case study of JPMorgan of data breaches.
Literature review
According to N Eric Weiss and Rena S. Miller, in recent years, there are lots of financial
data breaches that disclosed a various number of personal information (Angst et al., 2017). It
includes finances, personally identified information, health care, legal problems, and many
others. The authors said that this was performed by outside computer hackers having
unauthorized access to the files. It caused hampering the data of laptops, different types of
physical media and accidental publication. As per a resource, 78% of all the records were
understood during the initial six months of 2014. This is concentrating on the loss of data (Black,
2013). In December of 2013, the cybercriminals breached the data security of the target. It was
the largest retail chain in the United States of America (Eling & Loperfido, 2017). They stole the
personal as well as the financial data of huge of the consumers. The authors mentioned that the
target announced that sensitive data including names, addresses, phone numbers, and email
Introduction
Modern Information technology provides the collection as well as storage of bulk amount
of information of the personal data. That why Data resource management plays a vital role in this
particular case. It deals with computer science as well as information systems (Angst et al.,
2017). It is recommended that data breaches gathered huge amount of personal data (Angst et al.,
2017). The protection for this type of data is not sufficient at all. This paper discusses the data
breaches of JPMorgan. This paper proceeds with the literature review of data breaches for
JPMorgan. This paper discusses various kinds of solutions that can protect data breaches of
JPMorgan (Evans, 2015). This paper describes the result of the data breaches. This paper also
shares the case study of JPMorgan of data breaches.
Literature review
According to N Eric Weiss and Rena S. Miller, in recent years, there are lots of financial
data breaches that disclosed a various number of personal information (Angst et al., 2017). It
includes finances, personally identified information, health care, legal problems, and many
others. The authors said that this was performed by outside computer hackers having
unauthorized access to the files. It caused hampering the data of laptops, different types of
physical media and accidental publication. As per a resource, 78% of all the records were
understood during the initial six months of 2014. This is concentrating on the loss of data (Black,
2013). In December of 2013, the cybercriminals breached the data security of the target. It was
the largest retail chain in the United States of America (Eling & Loperfido, 2017). They stole the
personal as well as the financial data of huge of the consumers. The authors mentioned that the
target announced that sensitive data including names, addresses, phone numbers, and email
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4DATA RESOURCE MANAGEMENT/71161BA
addresses of the seventy million consumers was stolen at the time of data breach (Bathon, 2013).
A report published by the Senate Committee on Commerce concluded that target overlooked the
opportunities to stop the data breach in March in 2014. The authors also mentioned that the
expenditure of data breach was $248 million (Bathon, 2013). Independent sources have
estimated that the expenditure ranged from $240 million to $2.2 billion. It did not integrate the
potential expenditures to the consumers. It concerned regarding personal information and
detailed credit history, potential penalties, financial companies, and many others. This breach
was among the largest in the history of the United States of America (Black, 2013). Consumers
of the companies worried over the scale of this kind of issue drew the attention of the company
related to the targeted data breach. The author also mentioned other types of data breaches. It can
occur at Home Depot, Sony, Adobe and JPMorgan Chase (Angst et al., 2017). The credit card
information was obtained at Home Depot and Adobe. Hackers got a huge number of sensitive
information at Sony, and they also got the contact information in the branch of JPMorgan Chase.
The authors mentioned that there were different kinds of policies for hearings. It included federal
legislation for accessing the information to the consumers (Black, 2013). This law increases the
power of the Federal Trade Commission and authorities’ regarding the data security of the
company. It creates the federal standard for the normal quality of the data security of the
organization (Angst et al., 2017). The author also mentioned that no legislation was introduced in
the 113th Congress. It was raised different kinds of problems that became law. In 2014 and 2015,
the Obama Administration forced Congress to pass the legislation on the data security and
information of data breach. Attorney General named Eric Holder issued a public statement
(Bathon, 2014). It was used to urge Congress to pass a federal data breach notification law. The
FTC suggested calling on Congress to pass a federal data security law (Stevens, 2014). It
addresses of the seventy million consumers was stolen at the time of data breach (Bathon, 2013).
A report published by the Senate Committee on Commerce concluded that target overlooked the
opportunities to stop the data breach in March in 2014. The authors also mentioned that the
expenditure of data breach was $248 million (Bathon, 2013). Independent sources have
estimated that the expenditure ranged from $240 million to $2.2 billion. It did not integrate the
potential expenditures to the consumers. It concerned regarding personal information and
detailed credit history, potential penalties, financial companies, and many others. This breach
was among the largest in the history of the United States of America (Black, 2013). Consumers
of the companies worried over the scale of this kind of issue drew the attention of the company
related to the targeted data breach. The author also mentioned other types of data breaches. It can
occur at Home Depot, Sony, Adobe and JPMorgan Chase (Angst et al., 2017). The credit card
information was obtained at Home Depot and Adobe. Hackers got a huge number of sensitive
information at Sony, and they also got the contact information in the branch of JPMorgan Chase.
The authors mentioned that there were different kinds of policies for hearings. It included federal
legislation for accessing the information to the consumers (Black, 2013). This law increases the
power of the Federal Trade Commission and authorities’ regarding the data security of the
company. It creates the federal standard for the normal quality of the data security of the
organization (Angst et al., 2017). The author also mentioned that no legislation was introduced in
the 113th Congress. It was raised different kinds of problems that became law. In 2014 and 2015,
the Obama Administration forced Congress to pass the legislation on the data security and
information of data breach. Attorney General named Eric Holder issued a public statement
(Bathon, 2014). It was used to urge Congress to pass a federal data breach notification law. The
FTC suggested calling on Congress to pass a federal data security law (Stevens, 2014). It
5DATA RESOURCE MANAGEMENT/71161BA
included the notification of data breach and increased the explicit statutory authority regarding
the problem of data security.
The authors mentioned that information of forty million payment cards and personal,
identification information of seventy million consumers was compromised in the year 2013
(Wang, Ali& Kelly, 2015). The Secret Service disclosed that they are investing in this matter.
They did not want to say anything in detail. In the hearing, the vice president of Target
mentioned that an unauthorized user took the access of an authorized user to place the malware
on the Point of Sale registers (Trang, 2017). The malware can hack all the details of the credit
and debit card of a particular consumer. It has happened before the encryption process (Thomas
et al., 2017). By the blessing of the encryption process, it will be very difficult to go through the
details of the credit and debit card. It is quite surprising that more than forty million payment
cards were used in fraud transactions. Many cards are cancelled. Some valid cards are locked to
protect this kind of fraud transactions (Stevens, 2014). As per the report published by electronic
as well as print media, some financial companies responded to the Target Breach by generating
brand new cards to all their cardholders.
The authors mention that companies that are suffering in data breaches rarely disclose the
details. But the target is an exception (Stevens, 2014). The Chief Financial Officer disclosed the
main dates in the Target Breaches. He said that the first breaches occurred on 12th November
2013. Some attackers hacked the computer system of this company. It was detected by the
security systems of Target. The security professional of that company did not take any action
until it was notified by law enforcement (Stevens, 2014). The second attack occurred on 12th
December 2013. The Department of Justice informed Target that there might be some fraudulent
activity related to the payment cards. It had been utilized by the Target Company. The third
included the notification of data breach and increased the explicit statutory authority regarding
the problem of data security.
The authors mentioned that information of forty million payment cards and personal,
identification information of seventy million consumers was compromised in the year 2013
(Wang, Ali& Kelly, 2015). The Secret Service disclosed that they are investing in this matter.
They did not want to say anything in detail. In the hearing, the vice president of Target
mentioned that an unauthorized user took the access of an authorized user to place the malware
on the Point of Sale registers (Trang, 2017). The malware can hack all the details of the credit
and debit card of a particular consumer. It has happened before the encryption process (Thomas
et al., 2017). By the blessing of the encryption process, it will be very difficult to go through the
details of the credit and debit card. It is quite surprising that more than forty million payment
cards were used in fraud transactions. Many cards are cancelled. Some valid cards are locked to
protect this kind of fraud transactions (Stevens, 2014). As per the report published by electronic
as well as print media, some financial companies responded to the Target Breach by generating
brand new cards to all their cardholders.
The authors mention that companies that are suffering in data breaches rarely disclose the
details. But the target is an exception (Stevens, 2014). The Chief Financial Officer disclosed the
main dates in the Target Breaches. He said that the first breaches occurred on 12th November
2013. Some attackers hacked the computer system of this company. It was detected by the
security systems of Target. The security professional of that company did not take any action
until it was notified by law enforcement (Stevens, 2014). The second attack occurred on 12th
December 2013. The Department of Justice informed Target that there might be some fraudulent
activity related to the payment cards. It had been utilized by the Target Company. The third
6DATA RESOURCE MANAGEMENT/71161BA
incident occurred on 13th December 2013. In this case, the Target contacted the Department of
Justice as well as Secret Service of USA (Spiekermann et al., 2013). The Fourth data breach
incident occurs on 14th December 2014. In this particular case the Target Company recruited
external IT experts for conducting an entire forensic investigation.
According to the authors, Target Company detected that there were forty million payment
cards and seventy million PII data breaches that have at least twelve million in common. This
incident affected ninety million consumers (Sen & Borle, 2015). Fazio Mechanical Services
provided heating, air conditioning and ventilation services for the Target Company. This
company said that the data breach affected the payment system of the Target Company (Sen &
Borle, 2015). They were an authorized company for providing the billing as well as Project
management information to the Target Company. Fazio was affected by a phishing email that
contained the malware (Peretti & Abbas, 2016). This malware was installed in the internal
network of Target Company. It included the POS system. The main function of this system was
to record payment card transactions.
In this article, it is mentioned that after the preliminary announcement of the Target data
breach, other possibly related data breaches were disclosed (Opderbeck, 2015). It included
Neiman Marcus, Michaels, Home Depots, White Lodging and many others. It said that someone
obtained a credential of the customers to access the billing of the target vendor and also the
invoicing system. The data breaches accessed the client’s billing information and also the
invoicing system (Manworren, Letwat & Daily, 2016). It was escalated to access the POS
system of the Target Company. POS system was responsible to introduce malware into the
system. Target software was used to distribute the malware to all the POS devices of the Target
incident occurred on 13th December 2013. In this case, the Target contacted the Department of
Justice as well as Secret Service of USA (Spiekermann et al., 2013). The Fourth data breach
incident occurs on 14th December 2014. In this particular case the Target Company recruited
external IT experts for conducting an entire forensic investigation.
According to the authors, Target Company detected that there were forty million payment
cards and seventy million PII data breaches that have at least twelve million in common. This
incident affected ninety million consumers (Sen & Borle, 2015). Fazio Mechanical Services
provided heating, air conditioning and ventilation services for the Target Company. This
company said that the data breach affected the payment system of the Target Company (Sen &
Borle, 2015). They were an authorized company for providing the billing as well as Project
management information to the Target Company. Fazio was affected by a phishing email that
contained the malware (Peretti & Abbas, 2016). This malware was installed in the internal
network of Target Company. It included the POS system. The main function of this system was
to record payment card transactions.
In this article, it is mentioned that after the preliminary announcement of the Target data
breach, other possibly related data breaches were disclosed (Opderbeck, 2015). It included
Neiman Marcus, Michaels, Home Depots, White Lodging and many others. It said that someone
obtained a credential of the customers to access the billing of the target vendor and also the
invoicing system. The data breaches accessed the client’s billing information and also the
invoicing system (Manworren, Letwat & Daily, 2016). It was escalated to access the POS
system of the Target Company. POS system was responsible to introduce malware into the
system. Target software was used to distribute the malware to all the POS devices of the Target
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7DATA RESOURCE MANAGEMENT/71161BA
Company (Liu, Musen & Chou, 2015). There was a warning provided during the transmission of
data. But it was ignored.
On October 2, 2014, JP Morgan Chase reported to the Security and Exchange
Commission that a cyber-attack had understood the PII of approximately seventy-six million
households and also the seven million small businesses (Kwon & Johnson, 2015). It included
names, addresses, phone numbers, email addresses and many others. According to the report of
the company there was no such proof that many accounts information were compromised. This
company reassured that no consumers were responsible for any kind of unauthorized activity on
their accounts (Khey & Sainato, 2013). After the 2nd October, the disclosed information was
general. As per the media reports hackers got access in the middle of June 2014 from
JPMorgan's servers. It was used to preserve the information of current as well as previous
customers (Kamoun & Nicho, 2014). It was accessed from the mobile applications as well as the
official websites.
Results
It will provide a huge amount of loss of revenue for the company. As it hampers the
payment cards of the financial institution then it will damage the popularity of the company in a
large extent (Bathon, 2013). The customer will lose the trust about the company as it hampers the
privacy of information of the consumer. It will lead to increase the hidden cost of the company.
For investigating this matter, a huge amount of legal fees needs to be paid by the company. The
company will need to invest a huge amount of money for performing the investigation operations
(Black, 2013). The company may have to pay regulatory fees related to this matter. The hackers
Company (Liu, Musen & Chou, 2015). There was a warning provided during the transmission of
data. But it was ignored.
On October 2, 2014, JP Morgan Chase reported to the Security and Exchange
Commission that a cyber-attack had understood the PII of approximately seventy-six million
households and also the seven million small businesses (Kwon & Johnson, 2015). It included
names, addresses, phone numbers, email addresses and many others. According to the report of
the company there was no such proof that many accounts information were compromised. This
company reassured that no consumers were responsible for any kind of unauthorized activity on
their accounts (Khey & Sainato, 2013). After the 2nd October, the disclosed information was
general. As per the media reports hackers got access in the middle of June 2014 from
JPMorgan's servers. It was used to preserve the information of current as well as previous
customers (Kamoun & Nicho, 2014). It was accessed from the mobile applications as well as the
official websites.
Results
It will provide a huge amount of loss of revenue for the company. As it hampers the
payment cards of the financial institution then it will damage the popularity of the company in a
large extent (Bathon, 2013). The customer will lose the trust about the company as it hampers the
privacy of information of the consumer. It will lead to increase the hidden cost of the company.
For investigating this matter, a huge amount of legal fees needs to be paid by the company. The
company will need to invest a huge amount of money for performing the investigation operations
(Black, 2013). The company may have to pay regulatory fees related to this matter. The hackers
8DATA RESOURCE MANAGEMENT/71161BA
can perform the modification of the payment information of the consumer. Attackers can able to
modify some contents of the webpage of that organization.
Suggestions for future work
That company can take different kinds of steps to prevent the data breaches. These
include:
Practicing data segregation: If the data network of that particular hotel is flat,
then the cyber hackers can move freely in the entire network, and they can pilfer
the sensitive data (Huq, 2015). If the hotel authority implements the data
segregation concept then they provide restriction to the compromised data. If they
implement this then hackers are not able to hack the server within a small amount
of time. As a result of that, they can be easily caught.
Imposing the Principle of Least Privilege (PoLP): In Information Security,
there is a concept named Principle of Least Privilege. It says that ever module
must have the ability to access only those information as well as resources that are
required for a specific purpose (Huq, 2015). The module can be a process, a user
or a program. It entirely depends on the subject. If any credit card information, as
well as other personal information, is compromised, then cyber attackers do not
have any access to the entire network of that particular hotel.
Investing in a good security program: If the server of that Hotel hacked, then it
can be detected by using an outstanding security program. It will be able to detect
the threat, prevent the malware from coming into the network of that hotel server
can perform the modification of the payment information of the consumer. Attackers can able to
modify some contents of the webpage of that organization.
Suggestions for future work
That company can take different kinds of steps to prevent the data breaches. These
include:
Practicing data segregation: If the data network of that particular hotel is flat,
then the cyber hackers can move freely in the entire network, and they can pilfer
the sensitive data (Huq, 2015). If the hotel authority implements the data
segregation concept then they provide restriction to the compromised data. If they
implement this then hackers are not able to hack the server within a small amount
of time. As a result of that, they can be easily caught.
Imposing the Principle of Least Privilege (PoLP): In Information Security,
there is a concept named Principle of Least Privilege. It says that ever module
must have the ability to access only those information as well as resources that are
required for a specific purpose (Huq, 2015). The module can be a process, a user
or a program. It entirely depends on the subject. If any credit card information, as
well as other personal information, is compromised, then cyber attackers do not
have any access to the entire network of that particular hotel.
Investing in a good security program: If the server of that Hotel hacked, then it
can be detected by using an outstanding security program. It will be able to detect
the threat, prevent the malware from coming into the network of that hotel server
9DATA RESOURCE MANAGEMENT/71161BA
(Huq, 2015). The company can use the Malware bytes to give protection of the
server of that hotel from external attacks.
Providing security awareness training: The hotel authority must provide
training to its employees related to security awareness. As per the recent survey, it
has been seen that employees of a company are the weakest chain in the area of
data security (Edwards, Hofmeyr & Forrest, 2016). For that reason, the hotel must
conduct regular classes for providing the security of data security. These regular
classes will provide them with sound knowledge regarding the mechanism of
protecting data of the consumers from outside attackers or hackers.
Developing a cyber-breach response plan: Without proper planning, it is hardly
possible for the company authority to protect their consumer data from external
attackers. The company must consult with a third party information technology
company regarding this matter. It will help both employees as well as consumers
to understand the potential damages that could happen. The response plan must
initialize with an evaluation of exactly what was lost and at what time. The hotel
authority must have to search the guilty person (Eling & Loperfido, 2017). By
taking this type of strong action, the JPMorgan authority can reduce the damages
and restore the trust of consumers.
Monitoring the data leakage: The IT security team of that particular company
must check the security controls regularly. It will allow the security team to have
entire control over the network of that company (Eling & Loperfido, 2017). They
should check the internet contents because they have to detect whether any kind
of sensitive data is available for public viewing.
(Huq, 2015). The company can use the Malware bytes to give protection of the
server of that hotel from external attacks.
Providing security awareness training: The hotel authority must provide
training to its employees related to security awareness. As per the recent survey, it
has been seen that employees of a company are the weakest chain in the area of
data security (Edwards, Hofmeyr & Forrest, 2016). For that reason, the hotel must
conduct regular classes for providing the security of data security. These regular
classes will provide them with sound knowledge regarding the mechanism of
protecting data of the consumers from outside attackers or hackers.
Developing a cyber-breach response plan: Without proper planning, it is hardly
possible for the company authority to protect their consumer data from external
attackers. The company must consult with a third party information technology
company regarding this matter. It will help both employees as well as consumers
to understand the potential damages that could happen. The response plan must
initialize with an evaluation of exactly what was lost and at what time. The hotel
authority must have to search the guilty person (Eling & Loperfido, 2017). By
taking this type of strong action, the JPMorgan authority can reduce the damages
and restore the trust of consumers.
Monitoring the data leakage: The IT security team of that particular company
must check the security controls regularly. It will allow the security team to have
entire control over the network of that company (Eling & Loperfido, 2017). They
should check the internet contents because they have to detect whether any kind
of sensitive data is available for public viewing.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10DATA RESOURCE MANAGEMENT/71161BA
Tracking the data: The IT team of that company should track the movement of
data within the network of that company (Eling & Loperfido, 2017). It will
protect the data from any unauthorized access.
Stopping intrusion: The authority of that company should stop several routes of
the server that can prevent the intrusions performed by the hacker (Evans, 2015).
Management, productions and security solutions are integrated to stop the
targeted attacks.
The response of the Breach: The company authority should build a breach
response plan that will help in triggering the quick response of the data breaches
and help to reduce the harm (Evans, 2015). This plan may contain several steps
that involve the notification of the respective employees who could respond to
contain the breach.
Automating the security: The authority of the company must use the automated
systems to prevent the data breaches. It verifies the password settings in a regular
manner (Black, 2013). It also checks the firewall as well as server configuration
that may bring the reduction of risk for the private information.
Using a strong password in the system: The company authority must use a
strong password. This password will be very difficult to crack (Evans, 2015). The
hotel should modify the password from time to time.
Decreasing the transfer of data: The company authority must ban the
transferring of data from one device to another device.
Tracking the data: The IT team of that company should track the movement of
data within the network of that company (Eling & Loperfido, 2017). It will
protect the data from any unauthorized access.
Stopping intrusion: The authority of that company should stop several routes of
the server that can prevent the intrusions performed by the hacker (Evans, 2015).
Management, productions and security solutions are integrated to stop the
targeted attacks.
The response of the Breach: The company authority should build a breach
response plan that will help in triggering the quick response of the data breaches
and help to reduce the harm (Evans, 2015). This plan may contain several steps
that involve the notification of the respective employees who could respond to
contain the breach.
Automating the security: The authority of the company must use the automated
systems to prevent the data breaches. It verifies the password settings in a regular
manner (Black, 2013). It also checks the firewall as well as server configuration
that may bring the reduction of risk for the private information.
Using a strong password in the system: The company authority must use a
strong password. This password will be very difficult to crack (Evans, 2015). The
hotel should modify the password from time to time.
Decreasing the transfer of data: The company authority must ban the
transferring of data from one device to another device.
11DATA RESOURCE MANAGEMENT/71161BA
Giving protection of the information: The JPMorgan authority must implement
appropriate data protection mechanism for securing the data (Evans, 2015). They
should not disclose sensitive data.
Performing routine audits: If company authority performs routine audits, then
they can able to detect the potential loopholes related to security. It will give the
company a thorough assessment of the security policy compared to vulnerability
or security testing (Bathon, 2013). It considers the dynamic nature of the company
as well as how the company tackles the data breaches. There are some common
questions that arise during the security audit. It includes:
Does the company have documented the policies of data security?
Do they have the management process in place?
Do they have the escalation policies?
Do they have network security mechanisms?
Do they have the security and log monitoring setup?
Is there any password as well as encryption policies?
Are the applications properly tested for security flaws?
Is there any change management process provided by the company?
Who will be able to access the files and media backup?
Is there any review related to the auditing logs?
At what time the security auditing logs are reviewed?
Preventing and detecting security vulnerabilities by using some software:
In the past few years, there have been many reports of the personal information
that is being disclosed by theft laptops, backup drives as well as data breach.
Giving protection of the information: The JPMorgan authority must implement
appropriate data protection mechanism for securing the data (Evans, 2015). They
should not disclose sensitive data.
Performing routine audits: If company authority performs routine audits, then
they can able to detect the potential loopholes related to security. It will give the
company a thorough assessment of the security policy compared to vulnerability
or security testing (Bathon, 2013). It considers the dynamic nature of the company
as well as how the company tackles the data breaches. There are some common
questions that arise during the security audit. It includes:
Does the company have documented the policies of data security?
Do they have the management process in place?
Do they have the escalation policies?
Do they have network security mechanisms?
Do they have the security and log monitoring setup?
Is there any password as well as encryption policies?
Are the applications properly tested for security flaws?
Is there any change management process provided by the company?
Who will be able to access the files and media backup?
Is there any review related to the auditing logs?
At what time the security auditing logs are reviewed?
Preventing and detecting security vulnerabilities by using some software:
In the past few years, there have been many reports of the personal information
that is being disclosed by theft laptops, backup drives as well as data breach.
12DATA RESOURCE MANAGEMENT/71161BA
These occurred when these were transmitted by the networks by some
unauthorized users (Thomas et al., 2017). An important methodology that can be
utilized to protect the data is to perform the data related to the encryption. It
protects the data as a decryption key. It is responsible for performing the
encryption of information (Thomas et al., 2017). Unauthorized users can access
the data without the presence of the decryption key (Evans, 2015). Data protection
is very important to avoid any data loss. It is immaterial that the breach may be
intentional or just human error. There are several ways that can protect the hotel
from a security breach (Eling & Loperfido, 2017). There are various ways to
make the internal network of the company strong. It can protect the network from
the data breaches (Haughom, 2016). There are various numbers of third party
software available. This software can protect the internal network from data
breaches (Evan, 2015).
Conclusion
This academic paper discusses regarding the data breaches of JPMorgan Company. This
is a very critical issue for that company. It leads to hamper of huge amount of financial as well as
consumer data of the JPMorgan Company. It will lead to hamper of popularity of the company
among the consumers of United States of America. By using the attacker gets all kind of card
related information of the consumer. By using several approaches this company can protect the
data breaches. The must investigate that whether this security policy is implemented by the
consumer or not. The company should hire a security audit team. They are responsible to
perform the audit related to the security of consumer data. The data breach leads to the loss of
huge amount of US dollars of the company.
These occurred when these were transmitted by the networks by some
unauthorized users (Thomas et al., 2017). An important methodology that can be
utilized to protect the data is to perform the data related to the encryption. It
protects the data as a decryption key. It is responsible for performing the
encryption of information (Thomas et al., 2017). Unauthorized users can access
the data without the presence of the decryption key (Evans, 2015). Data protection
is very important to avoid any data loss. It is immaterial that the breach may be
intentional or just human error. There are several ways that can protect the hotel
from a security breach (Eling & Loperfido, 2017). There are various ways to
make the internal network of the company strong. It can protect the network from
the data breaches (Haughom, 2016). There are various numbers of third party
software available. This software can protect the internal network from data
breaches (Evan, 2015).
Conclusion
This academic paper discusses regarding the data breaches of JPMorgan Company. This
is a very critical issue for that company. It leads to hamper of huge amount of financial as well as
consumer data of the JPMorgan Company. It will lead to hamper of popularity of the company
among the consumers of United States of America. By using the attacker gets all kind of card
related information of the consumer. By using several approaches this company can protect the
data breaches. The must investigate that whether this security policy is implemented by the
consumer or not. The company should hire a security audit team. They are responsible to
perform the audit related to the security of consumer data. The data breach leads to the loss of
huge amount of US dollars of the company.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13DATA RESOURCE MANAGEMENT/71161BA
References
Angst, C. M., Block, E. S., D'arcy, J., & Kelley, K. (2017). When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare
data breaches. Mis Quarterly, 41(3).
Bathon, J. (2013). How little data breaches cause big problems for schools. The Journal, 40(10),
26-29.
Black, J. (2013). Developments in data security breach liability. The Business Lawyer, 69(1),
199-207.
Carruthers, K. (2014). Internet of things and beyond: Cyber-physical systems. IEEE Internet of
Things Newsletter, 10.
Edwards, B., Hofmeyr, S., & Forrest, S. (2016). Hype and heavy tails: A closer look at data
breaches. Journal of Cybersecurity, 2(1), 3-14.
Eling, M., & Loperfido, N. (2017). Data breaches: Goodness of fit, pricing, and risk
measurement. Insurance: mathematics and economics, 75, 126-136.
Evans, G. J. (2015). Regulating Data Practices: How State Laws Can Shore Up the FTC’s
Authority to Regulate Data Breaches, Privacy, and More. Administrative Law
Review, 67(1), 187-219.
Haughom, J. K. (2016). Who Are the Real Cyeberbullies: Hackers or the FTC: The Fairness of
the FTC's Authority in the Data Security Context. Cath. UL Rev., 66, 881.
References
Angst, C. M., Block, E. S., D'arcy, J., & Kelley, K. (2017). When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare
data breaches. Mis Quarterly, 41(3).
Bathon, J. (2013). How little data breaches cause big problems for schools. The Journal, 40(10),
26-29.
Black, J. (2013). Developments in data security breach liability. The Business Lawyer, 69(1),
199-207.
Carruthers, K. (2014). Internet of things and beyond: Cyber-physical systems. IEEE Internet of
Things Newsletter, 10.
Edwards, B., Hofmeyr, S., & Forrest, S. (2016). Hype and heavy tails: A closer look at data
breaches. Journal of Cybersecurity, 2(1), 3-14.
Eling, M., & Loperfido, N. (2017). Data breaches: Goodness of fit, pricing, and risk
measurement. Insurance: mathematics and economics, 75, 126-136.
Evans, G. J. (2015). Regulating Data Practices: How State Laws Can Shore Up the FTC’s
Authority to Regulate Data Breaches, Privacy, and More. Administrative Law
Review, 67(1), 187-219.
Haughom, J. K. (2016). Who Are the Real Cyeberbullies: Hackers or the FTC: The Fairness of
the FTC's Authority in the Data Security Context. Cath. UL Rev., 66, 881.
14DATA RESOURCE MANAGEMENT/71161BA
Hemphill, T. A., & Longstreet, P. (2016). Financial data breaches in the US retail economy:
Restoring confidence in information technology security standards. Technology in
Society, 44, 30-38.
Huq, N. (2015). Follow the data: Dissecting data breaches and debunking myths. Trend-Micro
Research Paper.
Kamoun, F., & Nicho, M. (2014). Human and organizational factors of healthcare data breaches:
The swiss cheese model of data breach causation and prevention. International Journal of
Healthcare Information Systems and Informatics (IJHISI), 9(1), 42-60.
Khey, D. N., & Sainato, V. A. (2013). Examining the correlates and spatial distribution of
organizational data breaches in the United States. Security Journal, 26(4), 367-382.
Kwon, J., & Johnson, M. E. (2015, June). The Market Effect of Healthcare Security: Do Patients
Care about Data Breaches?. In WEIS.
Liu, V., Musen, M. A., & Chou, T. (2015). Data breaches of protected health information in the
United States. Jama, 313(14), 1471-1473.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.
Opderbeck, D. W. (2015). Cybersecurity, Data Breaches, and the Economic Loss Doctrine in the
Payment Card Industry. Md. L. Rev., 75, 935.
Pierce, J. C. (2015). Shifting data breach liability: a congressional approach. Wm. & Mary L.
Rev., 57, 975.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Hemphill, T. A., & Longstreet, P. (2016). Financial data breaches in the US retail economy:
Restoring confidence in information technology security standards. Technology in
Society, 44, 30-38.
Huq, N. (2015). Follow the data: Dissecting data breaches and debunking myths. Trend-Micro
Research Paper.
Kamoun, F., & Nicho, M. (2014). Human and organizational factors of healthcare data breaches:
The swiss cheese model of data breach causation and prevention. International Journal of
Healthcare Information Systems and Informatics (IJHISI), 9(1), 42-60.
Khey, D. N., & Sainato, V. A. (2013). Examining the correlates and spatial distribution of
organizational data breaches in the United States. Security Journal, 26(4), 367-382.
Kwon, J., & Johnson, M. E. (2015, June). The Market Effect of Healthcare Security: Do Patients
Care about Data Breaches?. In WEIS.
Liu, V., Musen, M. A., & Chou, T. (2015). Data breaches of protected health information in the
United States. Jama, 313(14), 1471-1473.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.
Opderbeck, D. W. (2015). Cybersecurity, Data Breaches, and the Economic Loss Doctrine in the
Payment Card Industry. Md. L. Rev., 75, 935.
Pierce, J. C. (2015). Shifting data breach liability: a congressional approach. Wm. & Mary L.
Rev., 57, 975.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
15DATA RESOURCE MANAGEMENT/71161BA
Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical
approach. Journal of Management Information Systems, 32(2), 314-341.
Spiekermann, S., Acquisti, A., Böhme, R., & Hui, K. L. (2015). The challenges of personal data
markets and privacy. Electronic markets, 25(2), 161-167.
Stevens, G. (2014). The Federal Trade Commission's Regulation of Data Security Under Its
Unfair or Deceptive Acts or Practices (UDAP) Authority. Congressional Research
Service.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017,
October). Data breaches, phishing, or malware?: Understanding the risks of stolen
credentials. In Proceedings of the 2017 ACM SIGSAC conference on computer and
communications security (pp. 1421-1434). ACM.
Trang, M. N. (2017). Compulsory corporate cyber-liability insurance: Outsourcing data privacy
regulation to prevent and mitigate data breaches. Minn. JL Sci. & Tech., 18, 389.
Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical
approach. Journal of Management Information Systems, 32(2), 314-341.
Spiekermann, S., Acquisti, A., Böhme, R., & Hui, K. L. (2015). The challenges of personal data
markets and privacy. Electronic markets, 25(2), 161-167.
Stevens, G. (2014). The Federal Trade Commission's Regulation of Data Security Under Its
Unfair or Deceptive Acts or Practices (UDAP) Authority. Congressional Research
Service.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017,
October). Data breaches, phishing, or malware?: Understanding the risks of stolen
credentials. In Proceedings of the 2017 ACM SIGSAC conference on computer and
communications security (pp. 1421-1434). ACM.
Trang, M. N. (2017). Compulsory corporate cyber-liability insurance: Outsourcing data privacy
regulation to prevent and mitigate data breaches. Minn. JL Sci. & Tech., 18, 389.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16DATA RESOURCE MANAGEMENT/71161BA
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.