The Student must do all 5 Security breach write-ups on separate Security breach incidents to earn 25 points of extra credit (up to 5 points per write-up. therefore, you can earn up to 25 points of extra credit for this class by completing 5 security breach assignments (up to 5 points each depending on completeness and quality).
We learned about security breaches in the third week of class. Your job is to do some deep research on the case and find out the root cause of a security breach covered in the media. I recommend you review a security breach that is at least over 6 months old as there may not be enough information reported on new breaches. You will Google the case and find as many articles as you can about it. From there extract the information and write up your report.
What do I mean by root cause? For instance, you may run across a case where it is reported that malware was introduced into the system. That is not the root cause.
How did the malware get there? Perhaps a company employee answered a phishing attack.
That would be the root cause. Maybe the company failed to patch a known vulnerability. That, too, would be a root cause.
Once you have selected your breach(s) to use you must write a summary of each breach(s).
1.Course Number, Semester And Year, Your Name
2.Name of the company or organization that incurred the breach
3.Date of the breach (month and year)
4.Summary to include the nature of the breach, what information was lost or stolen (i.e. credit cards numbers, PII, etc), and what caused the breach to occur. While this is a summary, do be thorough. This should be a short paragraph.
5.Impact: What was the impact of the breach? Where their fines levied? Lawsuits? Costs to replace credit cards? In total, how much did the breach cost the company? This should be a short paragraph.
6.New Controls/Countermeasures: What did the organization do to prevent the breach from recurring.
7.Root Cause: State clearly your conclusions about the root cause and justify why you believe it to the root causes (malware is not a root cause unless the hacker exploited an unknown vulnerability or create some really novel hacking tool). This should be a short paragraph.
8.Root Cause Category: This should be a word or two, or a short phrase like “Successful Phishing Attack” or “Weak Password Compromise”
I recommend that you NOT attempt to review a very recent security breach(s). The information you will need is not likely available to the public yet. Stick to security breaches that are at least 6 months old or older.
A typical security breach write-up is one or two full pages per security breach. The 5 write-ups are considered a group and must be turned in as such. That being said the write-ups must be structured on one document. To help this is what is meant by the 5 different subject security breach write-up(s) then the work cited pages after.