Choose a recent IS security breach or service outage that has been in the media - Essay Example

ID # A security breach or service outage that has been in the media In the past few years, information security has become a serious challenge for the business organizations. Basically, security attacks and breaches may or may not depend on what is included within the term “security breach.” In this scenario, the majority of information security laws and regulations describe “security breach” as an illegal access to a particular set of personal data and information (in the US, typically  information employed to produce or get access to financial accounts) (Nash; Cate).

For this paper, I have chosen a latest security issue that is known as RSA Security breach, which took place in March 2011. As a result of this breach records of more than 40 million workers were stolen. Additionally, the significant influence of such cyber attack that stole data and information on the businesss Secur-ID verification tokens is yet being debated. According to the management of RSA, two separate hacker groups working in the organization with an overseas supervision to begin a set of spear phishing based security attacks beside RSA workers, demonstrating like people the workers relied, to infiltrate the businesss network.

In this scenario, EMC stated that in last July it had used-up as a minimum $66 million on remediation. However, RSA administrative staff believes that there was no harm to clients networks. Additionally, the management of RSA has not supported the matter by initially being unclear regarding both the security based attack vector and (more notably) the information that was stolen (Armerding; Bell; Cate). In addition, it was simply a matter of time previous to following security based attacks on Lockheed-Martin, L3, and others happened, all of those are supposed to be particularly supported by RSA breach.

In this scenario, many people believe that it is just a psychological damage. Without a doubt, this security breach was very harmful and critical just not simply because of the damage it caused, however as well in the scenario of the miserable danger that it drove into each CIO who misplaced the warm-and-fuzzy situation that the reliability of his/her enterprise verification model was undamaged (Armerding; Bell; Cate). Moreover, the bank had to face the loss of more than $100 to put back identification tokens that left their computers susceptible to spying.

According to the management of RSA, clients have suggested them to follow a number of prevention practices. However, the bank is seriously considering the suggestions of their customers. And it is currently determining the security based breach with higher authorities; there is no hesitation more data will be published soon (Egusa; King).Furthermore, the bank has warned their customers to pay particular attention to information security especially while using social media systems and Web sites, implement powerful password, using various combinations and PIN policies, and be reminiscent workers to get rid of opening suspicious emails or do not share their log-in details with people or any other web sites.

In addition, customers should as well pay particular concentration to protecting their dynamic directories, "make complete use of their SIEM products," employ two-factor verification to manage access to dynamic directories, check for transformations in user privilege levels and access level privileges, restrict remote and physical access to structure hosting information security software. The bank has decided to implement these kinds of strategies as well. Though, the initiatives taken by the bank are appropriate, but I would suggest them to be more inventive in the future and implement lessons learned from serving its customers with its own inner enterprise technology based systems.

And it should also implement an information security contingency plan in the future that will help the bank quickly recover from these breaches (Rashid; Schwartz; Rashid, RSAs SecurID Breach Started with Phishing Email).Works CitedArmerding, Taylor. The 15 worst data security breaches of the 21st Century. 15 February 2012. 12 December 2012 .Bell, Stephen. Lessons From the RSA Breach. 04 October 2011. 14 December 2012 .Cate, Fred H. Information Security Breaches: Looking Back & Thinking Ahead. 2008. 14 December 2012 .

Egusa, Conrad. RSA security breach leaves data for 40M employees vulnerable. 18 March 2011. 14 December 2012 .King, Rachael. EMC’s RSA Security Breach May Cost Bank Customers $100 Million. 08 June 2011. 15 December 2012 .Nash, Jason. Networking Essentials, MCSE Study Guide. California: IDG Books Worldwide, Inc, 2000.Rashid, Fahmida Y. RSA Warns SecurID Customers of Data Breach. 18 March 2011. 17 December 2012 .—. RSAs SecurID Breach Started with Phishing Email. 04 April 2011. 14 December 2012 .

Schwartz, Mathew J. RSA SecurID Breach Cost $66 Million. 28 July 2012. 15 December 2012 .