• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.701 ■ Fall 2022 ■ William Bailey
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project
  • Class Capture Videos

In The News

October 12, 2022 by William Bailey 8 Comments

Filed Under: Unit 09: Business Continuity and Disaster Recovery Tagged With:

Reader Interactions

Comments

  1. Jill Brummer says

    October 15, 2022 at 12:48 pm

    https://www.darkreading.com/attacks-breaches/what-the-uber-breach-verdict-means-for-cisos-in-the-us

    The article is about the Uber CISO being charged criminally for not disclosing breaches that occurred in 2014 and 2017. The reason this is a big deal, is because if CISOs can be charged criminally for not disclosing breaches and concealing important information that the public should be aware of, the CISO position could be a challenge to fill because the consequences are now personal. For other items in other areas (non-cyber related), not disclosing required info, usually comes with a fine to the company. The article goes on to say that this is the way “the government is sending a message to CISOs in the US – disclose and potentially lose your job or cover up and go to jail”. It’s also discussed that CISOs hiding information by saying “I didn’t know” reflects negligence. Security teams need to know and be aware of what they can’t conceal.

    The article goes into the future of the SEC cyber-related disclosures that will be required in the near future. The new SEC reporting requirements for cyber related items are the following: material cyber-related incidents must be reported within 4 business days, company must determine the materiality of a cybersecurity incident “as soon as reasonably practicable” after the discovery of the incident, companies must maintain disclosure controls and procedures designed to ensure that all available relevant information concerning cyber incidents are analyzed for timely disclosure, and “cybersecurity incident” means an unauthorized occurrence on or through company’s information systems that jeopardize the confidentiality integrity, or availability of a company’s information systems. The new reporting requirements could have challenges determining what is a “material” breach and making the determination within 4 days. Additionally, having time to investigate the possible breach and conclude if reportable within 4 days could also pose a challenge.

    Lastly, in the article, there are four ways to aid CISOs. The first is to get rid of the tools that alert on every potential attack or misconfiguration, retool (replace outdated techniques), work more closely with the government, and align security goals.

    Log in to Reply
  2. Nicholas Foster says

    October 16, 2022 at 2:17 pm

    https://www.infosecurity-magazine.com/news/calls-for-better-microsoft-teams/

    The article I have chosen to highlight this week speaks to Microsoft Teams and the information being shared on it. With more and more organizations adapting a work from home/hybrid work force thanks to COVID. Instant messaging and Teams Spaces are quickly becoming the new norm for communicating. What we don’t realize is just how sensitive the information we’re sharing on the platform can be. The article highlights that “A total of 48% of respondents admitted to sending messages on Teams they should not have, while 45% said they frequently share confidential and sensitive information via the platform. Moreover, 51% said they often send business-critical documents and data.” While email and virtual/in person meetings are still prevalent, we as a society are moving towards the convenience of IM’s and throwing documents into chats that we believe are secure.

    Log in to Reply
  3. Matthew Stasiak says

    October 17, 2022 at 3:48 pm

    https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html

    An Indian energy company, Tata Power Company, confirmed this past Friday that it had undergone a cyber attack that impacted some of its IT systems. The network intrusions were said to have been aimed at 7 Indian State Load Despatch Centres that carry out real-time operations for grid control and electricity dispatch in their respective states. The hackers are said to be associated with the group TAG-38. The company has been working to retrieve and restore the affected machines and putting in security guardrails for customer-facing portals to prevent unauthorized access. The target was intended to facilitate information gathering related to the company’s critical infrastructure assets.

    Log in to Reply
  4. Christa Giordano says

    October 17, 2022 at 8:30 pm

    https://www.bleepingcomputer.com/news/security/mydeal-data-breach-impacts-22m-users-stolen-data-for-sale-online/

    This article is interesting because it discusses a recent data breach event and also what the threat actor did with that information. A subsidiary of the Woolworth company, MyDeal based in Australia announced that 2.2 million customers were impacted by a data breach from a compromised user credentials ro access customer information through the organizations Customer Relationship Management system on Friday. The compromsed information includes names, email addresses, phone numbers, home addresses, and birth dates exposed in the attack. MyDeal has sent out notifications to the affected customers. By Sunday, the threat actors began to sell the compromised information for $600.00 and also provided evidence of the attack (or so they claim) by sharing screenshots of the supposed confluence server and a single-sign-on prompt for the MyDeal’s AWS account. The threat actor also posted customer information for almost 300 MyDeal customers.

    Log in to Reply
  5. Kenneth Saltisky says

    October 18, 2022 at 5:36 pm

    https://www.bleepingcomputer.com/news/security/verizon-notifies-prepaid-customers-their-accounts-were-breached/

    Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks. Attackers used the last four digits of the credit card associated with the account for automatic payments to perform SIM swap attacks. At this point, Verizon blocked further unauthorized access to accounts and reset PINs for an undisclosed number of customers. Verizon has stated that the threat actors could have accessed names, telephone numbers, billing addresses, price plans, and other service-related information. One customer that received the notice was aware of the attack before and realized that the attackers attempted to access their crypto accounts. Verizon has advised setting a new PIN code as well as enabling the ‘Number Lock’ protection feature to prevent the phone number from being ported to another line/carrier or swapped to another SIM until it is unlocked by the account owner.

    Log in to Reply
  6. Abayomi Aiyedebinu says

    October 19, 2022 at 7:25 am

    There is no organization that is immune to cyber-attack or threat therefore organizations must always be prepared and also be informed target. i find this article interesting because it showcases the effect of cyber threat on health care system. Hackers used legitimate credentials to hack into NHS system through a third-party vendor and disrupted many of their services including patient administration, Ambulance services. It is becoming rampant; the health care industry is becoming an unusual target.

    https://techcrunch.com/2022/10/13/advanced-nhs-patient-data-ransomware/?&web_view=true

    Log in to Reply
  7. David Vanaman says

    October 19, 2022 at 5:30 pm

    https://dropbox.tech/infrastructure/disaster-readiness-test-failover-blackhole-sjc

    This article from the Dropbox team talks about their recent (successful) disaster recovery test where they physically pulled the pug on one of their biggest datacenters to live test their preparation. Dropbox is headquartered in San Jose, CA. This puts them right in the high risk area for earthquakes. Recognizing that their infrastructure was at risk, Dropbox put together a disaster recovery team and built out a redundant disaster recovery and business continuity plan to ensure users would have access to their important data even if San Jose was in a state of extreme emergency from a major earthquake. The article delves into the sort of planning and testing was required to get their systems and plans ready to perform the ultimate test, unplugging the San Jose Datacenter from the rest of the network. (they literally pulled the fibre connections coming into the building from the edge routers!) They had some false starts and early tests that didn’t work as planned, but the result of all the efforts was absolute confidence that their system would not suffer even in the worst case disaster.

    Log in to Reply
  8. Maxwell ODonnell says

    October 21, 2022 at 1:20 pm

    Microsoft has confirmed this week that they had inadvertently exposed thousands of customer records after leaving an online endpoint accessible without authentication. The misconfiguration of Microsoft’s Azure Blob Storage was identified on September 24, by cybersecurity company SOCradar. Microsoft has yet to announce how many of its customers have been affected, however, SOCradar claims the number to be close to 65,000 customers in 111 countries. SOCradar also claims the leak consisted of over 2.4 terabytes of data consisting of invoices, product orders, signed customer documents, and partner ecosystem details. Microsoft denounced this projection, stating SOCradar has “greatly exaggerated” when referring to the scope of the breach, claiming most of the data is duplicate. There is no evidence to suggest any data has been accessed by threat actors yet however the data is still compromised, and customers may fall victim to phishing, social engineering, or extortion. This goes to show that even the largest companies are victims of small errors which compromise the data of thousands. No matter how vigilant you are about protecting your personal information, you still need to remain aware of potential cyber-attacks resulting from data breaches like this.

    https://thehackernews.com/2022/10/microsoft-confirms-server.html

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (6)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in