Information Security Management - Case Study Example

Information Security Management Case Study Information Security Management Case Study Cyber trolling has been described as the anti-social act of intentionally causing interpersonal conflict, and shock-value controversy online. Cyber trolls are named after the often very wicked creatures portrayed in children’s tales. In recent years, the phenomenon of cyber harassing individuals and companies has quickly swept across numerous websites to now affect Facebook pages, online forums and newspaper comments (Marsh & Melville, 2014, p. 145-146). The affected websites are frequently bombarded with threats, provocations and insults. In recent years, social engineering has been widely associated with the acquisition of information, for the sole purpose of attempting to commit fraud or theft. However, with the increase in social networking, this form of cyber harassment is now widely being used in the dissemination of false or misleading information that is primarily targeted at negatively impacting the ability of individuals or business enterprises to conduct their operations (Worksman, Phelps & Gathegi, 2013, p. 472-473). Assessment of Attacker’s motives behind the Cyber Harassment In his sustained attack against EZ company, it can be noted that Theb, the blogger, seems to have differences the company and this has resulted in the development of a situation where he is out to try and tarnish the overall reputation and credibility of the company. This attack is as a result of a dispute that had begun years earlier between himself, and some of the company’s principals. In a bid to get at the company’s principals, the blogger’s online campaign is attempting to try and discredit the new information integration and visualization technology that is being offered by the company. In the social engineering cyber attack, the blogger touts himself as an expert on information integration and visualization technology. However, he only has a degree in communications and religious studies. The supposition that the blogger is only out to try and tarnish the reputation of the company is amply supported by the fact that although an EZ Company public relations representative once attempted to try and request the blogger to provide the company with direct feedback to help the company in improving its product, the blogger did not provide this feedback and continued with tarnishing the company’s name: To do this, the blogger took bits of the email he had received from the company out of context and after grossly manipulating the fabrication in a “newsletter”, he went on to post it online along with his stated intention of attempting to try and prevent the company from being able to sell its products. It is also quite possible that the blogger is being paid by a rival to engage in a social engineering cyber attack against EZ Company. Companies that fund bloggers to conduct sustained social engineering attacks against their rivals can pose serious risk and problems. According to Hines (2007, p. 56), if used in this manner, blogs and social media can potentially become the ideal and ultimate vehicle for use in personal attacks, brand-bashing, smear campaigns and political extremism. In an article appearing in the journal of new communication research, Hines (2007, p. 56) points out that according to one lawyer who frequently engages in defending the victims of online abuse, about half of the online trolling and social engineered harassment perpetrators are companies that use blogs as weapons. These companies at times resort to paying bloggers to bash their competitors with the aim of trying to discredit their competitors or the products that are being offered by these competitors. In relation to EZ Company, this might probably be the reason as to why the blogger is conducting the online social engineering campaign against the company. It is possible that the blogger is being paid or has interests in a company that is in direct competition with EZ Company. This might be the reason as to why when the EZ Company public relations representative offered him the opportunity to receive payment for offering consultation to the company, he refused the offer and went on with his online attacks against the company. Analysis of the Problem Who: In this scenario it is clear that the client EZ Company is currently under attack by a blogger. Although the client company has attempted to reach out to the blogger to resolve the issue, the blogger has remained adamantly headstrong and the situation continues to remain unresolved. What: The main issue in question is that the blogger has embarked on a tarnishing, social engineering cyber trolling campaign against the client company. This social engineering campaign is targeted against the new information integration and visualization technology that is being offered by EZ Company. The cyber attack being conducted against the company has affected the negotiations of the sale of the company. As a direct result of the negative social engineering campaign by the blogger, the prospective suitor who wanted to buy the company has informed the EZ Company board of directors that the actual valuation of the company has significantly diminished as a result of cyber attacks. Where: The social engineering campaign being conducted by the blogger is being conducted online using a number of online avenues. This includes a large number of self promoting web pages, trash talk blogs as well as through the issuance of a purported newsletter. Why: The social engineering cyber attacks by the blogger that are targeted at discrediting EZ Company’s information integration and visualization technology are seen to be as a result of a long-standing dispute between the blogger and some of EZ Company’s principal executives. In a bid to try and get at these principals, the blogger is directly targeting EZ Company and its product. Sophisticated Solutions or Set of Recommendations for EZ Company There are a number of methods that can be utilized by EZ Company in its attempts to obtain a successful resolution of the social engineering cyber attack against the company. It is important for the company to first try and use the more passive measures before eventually resorting to the more aggressive methods of conflict resolution. Regardless of the method used, it is important to resolve the conflict immediately as it has already resulted in the company’s devaluation and could potentially negatively impact the sale of its products. Approaching the Blogger The first recommendation that can be made to the company is for its principals to try and approach the blogger and attempt to amicably resolve the long standing dispute between them. By approaching the blogger directly as opposed to merely using a company public relations representative, the company principals might be able to engage in a meaningful discussion with the blogger and successfully resolve the long-standing dispute between them. Such a resolution would have the effect of ending the social engineering cyber attack that is being conducted by the blogger. In addition to this, a peaceful resolution to the dispute might make it possible for EZ Company to enter into an agreement with the blogger that would requires that the blogger conducts an online campaign that would recant his earlier claims against the company’s product. In this campaign, the blogger would be expected to advocate for the product for a given time period in an effort to redeem the company’s overall image. Negotiating with the Blogger Another option that is available for use by the company is for it to enter into legal negotiations with the blogger. As indicated in the case study, the blogger is not an expert on the system in question and attempts by the company to get him to provide his feedback or offer consultative services have failed to succeed. In his respect, the company can attempt to try and enter into serious legal negations with the blogger. During these negotiations, the company should be represented by a high ranking executive as opposed its being represented by a public relations representative. It is also important for the company’s legal representative to be present during this negotiation to ensure that any agreement that is reached to end the attacks by the blogger is legally binding. Some of the possible solutions that might be achieved during these negotiations include the payment of a cash settlement or giving the blogger stock options in return for his ending the social engineering cyber attack against the company. The agreement can also have a stipulation requiring that the blogger recants the claims that he made against the new information integration and visualization technology that is being sold by the company. If the company is unable to reach a peaceful agreement with the blogger, it will be necessary for it to engage in some more aggressive conflict resolution options. These might variously include: Press Statements and Advertisements If possible, the company can release a press statement and create mass media advertisements that would seek to explain exactly why the blogger is currently engaged in a social engineering campaign against it. In the press statement, the company can provide conclusive evidence that would show that the blogger is not a professional in the field as claimed and that he in fact only has a degree in communications and religious studies. The press statement and mass media advertisements can also be backed by the credible evidence of the US government agencies and domain knowledge experts from the multi-billion dollar companies around the world that are currently using the company’s systems. According to Genasi (2002, p. 14-15), a positive review in the media from a trusted source about a product or company will be believed far more than placing an advertisement promoting a business. The credible evidence of these government agencies and domain knowledge experts will have the effect of improving the company’s rather tarnished reputation. Social Media Campaign EZ Company can also conduct a social media campaign to promote its product and absolve it from the claims that have been maliciously made against it by the blogger. According to Shakarian, Shakarian & Ruef (2013, p. 181), online social media has served to usher in a new age that has changed how information can be managed in various conflict situations. If necessary, the company can hire the services of several bloggers and social media marketing companies to help it in achieving this objective. Another additional benefit of conducting a social media campaign is that such a campaign will be of great aid in helping EZ Company improve its direct engagement with the clients (Evans & McKee, 2010, p. 1-2). Although the bloggers and social media marketing company will be tasked with tackling the online threat that is being posed by the blogger, care should be taken to ensure that only credible information is used and that no direct attacks are conducted against the blogger. The hired bloggers will be tasked with the responsibility of tracking down all the posts that have been made by the attacking blogger against the company and responding to them in an effective and professional manner. In doing this, they will seek to point out that the product actually works as indicated by the evidence of the U.S. government agencies and domain knowledge experts that are currently using the company’s products. Approach the Internet Crime Complaint Center Another possible solution that can be used by EZ Company in tackling the threat that is posed by the malicious social engineering cyber attacks that are being conducted by the blogger is by the making of a formal complaint against him at the Internet Crime Complaint center (IC3). Hattis (2013, p. 579) points out that the IC3 is tasked with the responsibility of addressing the crimes committed using the internet and it provides services to both the victims of online crime, and various law enforcement agencies. It is possible for EZ Company to instigate defamation charges against the blogger’s malicious social engineering cyber attack campaign against the company as the camping is based on lies. The IC3 will partner with the relevant law enforcement authorities to bring legal proceedings against the blogger and ensure that cyber attacks against the company are successfully brought to an end. Conclusion The social engineering cyber attacks that are being conducted by the blogger against EZ Company are evidently having an effect on the company as is demonstrated by the fact that they have resulted in a devaluation of the company. The threat posed by these attacks can be addressed by using a number of avenues such as the EZ Company principals approaching the blogger to resolve their long-standing dispute, conducting legal negotiations with the blogger, the issuance of a press statement and creation of mass media advertisements, conducting a social media campaign promoting the company as well as by making a formal complaint at the IC3 against the blogger. According to Blank, (2013, p. 120-122), whereas proponents of cyber trolling argue that the practice is humorous, mischievous and basically a freedom of speech, of particular concern is that personal nature and ferocity of the abuse perpetrated online can be noted to narrowly border on hate speech. In the United States, the First Amendment essentially protects free speech and serves to make it rather difficult to punish individuals that post offensive messages, however concerns about cyber trolling have been on the increase. In the case of EZ Company, it is clear that that the actions by the blogger essentially amount to defamation against the company and it is possible for the company to pursue legal action against the blogger. It is important for the company to ensure that it immediately addresses the threat posed by the cyber attacks against it as perpetrated by the blogger as these can have the effect of causing the company’s valuation to decrease further. References Blank, T. J. (2013). The last laugh: Folk humor, celebrity culture, and mass-mediated disasters in the digital age. Madison: The University of Wisconsin Press. Evans, D., & McKee, J. (2010). Social media marketing: The next generation of business engagement. Indianapolis, Ind: Wiley Pub.Bottom of Form Genasi, C. (2002). Winning reputations: How to be your own spin doctor. Houndmills, Basingstoke, Hampshire: Palgrave.Bottom of FormTop of Form Hattis, S. H. (2013). Crime in the United States 2013. Lanham, MD: Bernan Press. Hines, C. (2007). New Tactics in Public Relations: Opening Dialogue through the use of Weblogs. Journal of New Communications Research. Vol. II/ Issue 1 – Spring/Summer 2007. Marsh, I., & Melville, G. (2014). Crime, justice and the media. Routledge. Shakarian, P., Shakarian, J., & Ruef, A. (2013). Introduction to cyber-warfare: A multidisciplinary approach. Amsterdam [Netherlands: Morgan Kaufmann Publishers, an imprint of Elsevier.Top of Form Workman, M. D., Phelps, D. C., & Gathegi, J. N. (2013). Information security for managers. Burlington, MA: Jones & Bartlett Learning. Read More