WikiLeaks Case Study

CRITICAL THINKING ASSIGNMENT WikiLeaks Case StudyRead the following WikiLeaks case study (linked below and also available through ProQuest in the library).Ryst, S. (2011). WikiLeaks fuels data breach fears. Business Insurance, 45(1), 1-20.The disclosures at WikiLeaks have raised significant concerns about the damage caused by leaks. Some claim that in many ways, the Wiki Leaks founder, Julian Assange, was terrorizing nation states and corporations.What corporate and/or national policy initiative do you think should be put in place in Saudi Arabia to curb such forms of cyberterrorism?Directions:Your paper should be 2-3 pages in length, not including the title or reference pages.Be sure to provide citations from your readings and additional research to support your statements.Your paper must follow Saudi Electronic University academic writing standards and APA style guidelines, as appropriate.You are strongly encouraged to submit all assignments to the Turnitin Originality Check prior to submitting them to your instructor for grading. If you are unsure how to submit an assignment to the Originality Check tool, review the Turnitin Originality Check Student Guide.
proquestdocuments_2018_04_26__1_.pdf

Unformatted Attachment Preview

Don't use plagiarized sources. Get Your Custom Essay on
WikiLeaks Case Study
Just from $13/Page
Order Essay

WikiLeaks fuels data breach fears
Ryst, Sonja . Business Insurance ; Chicago Vol. 45, Iss. 1, (Jan 3, 2011): 1.
ProQuest document link
ABSTRACT
Recent headline-grabbing leaks by WikiLeaks again have highlighted for companies the complex and fast-changing
nature of cyber risk exposures. Although the highest-profile information released by the company has centered on
government documents, concerns have been raised about corporations also becoming the target of potentially
damaging information leaks. Some say the WikiLeaks affair offers lessons for companies in how to avoid the
release of potentially damaging information. Bryan Sartin, director, investigative response and forensics team,
Verizon Business, recommends that companies first consider what data they have and why they have it.
Depending on the business involved, some might not need to maintain their customers’ identifying information
after a transaction is processed. Monitoring employees’ system use also can help identify problems, some experts
say. Khalid Kark, analyst, Forrester Research Inc, recommends that companies use many layers of security rather
than relying on only one.
FULL TEXT
Headnote
Managing systems, employee risks vital
Could you get WikiLeaked? Recent headline-grabbing leaks by the controversial website again have highlighted for
companies the complex and fast-changing nature of cyber risk exposures. Although the highest-profile information
released by WikiLeaks has centered on government documents, concerns have been raised about corporations
also becoming the target of potentially damaging information leaks. For example, Wiki-Leaks founder Julian
Assange told the Times of London in recent weeks that he had enough information to make the head of a major
bank resign. Amid speculation about the identity of that bank, the Charlotte Observer reported in an article titled
“Cloud of Suspense Surrounds Bank of America, WikiLeaks” that Charlotte-based Bank of America Corp. recently
increased its internal security, taking steps to block access to websites such as Google’s e-mail application, Gmail,
on company laptops. A Bank of America spokesman referred a request for an interview to a colleague, who did not
respond. “Every security incident that you hear about makes you think twice about what you’re doing to defend
against those things yourself,” said Steve Elefant, chief information officer at the Princeton, N.J., card payment
processor Heartland Payment Systems Inc. Mr. Elefant was hired to tighten up Heartland’s information security
after it suffered a costly data breach in 2008. Several individuals were indicted in August 2009 for stealing data
from Heartland and others related to more than 130 million credit and debit cards. The company ultimately paid
around $140 million in data breach-related fines and settlements, though it was able to recover tens of millions in
insurance proceeds, Mr. Elefant said. Heartland has made changes designed to protect it against further data
breaches, including end-to-end data encryption and other steps that make it much more difficult, if not impossible,
to get from its corporate network into the payment network, where transactions are processed. The networks now
are more segmented, physically and logically, so that type of communication can’t take place. “There’s more
awareness about (data breach prevention) among companies,” said Nicolas Christin, associate director at the
Information Networking Institute at Carnegie Mellon University in Pittsburgh. “They’ve clarified their policies with
respect to data breaches, and they’ve made it clear to their employees that this can be a potential problem,” he
said. Some say the WikiLeaks affair offers lessons for companies in how to avoid the release of potentially
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 1 of 4
damaging information. Bo Holland, founder and CEO of the identity protection network Debix Inc. in Austin, Texas,
said existing data regulations are centered around protecting consumers’ information, such as Social Security and
credit card numbers, rather than protecting corporate intellectual property. “WikiLeaks, I think, has done a lot to
raise attention to this issue, but the government regulations aren’t focused in that direction,” Mr. Holland said.
Harlan Loeb, director of U.S. crisis and issues management at the public relations firm Edelman Inc., said
companies should attempt to understand employee concerns and head off problems that might drive the staff to
leak information to third parties. Mr. Loeb cited the example of an energy company that had contacted him after an
employee threatened to disclose damaging information to the press. The employee had raised his concerns about
a pricing issue three or four times to his manager, who essentially ignored him, Mr. Loeb said. The company’s chief
financial officer intervened, dealing directly with the employee to address what was a misunderstanding. “The
manager was so driven by his ego about being questioned that he missed the opportunity to explain something
straightforward,” Mr. Loeb said. Nearly half of data breaches involve insiders, and nearly one-quarter of those
involve individuals who recently experienced a job change, such as termination, resignation or demotion, according
to the “2010 Data Breach Report” from Verizon Business and the U.S. Secret Service. In addition, roughly half of the
breaches in 2009 involved the use of organizational resources or privileges for purposes contrary to those
intended-actions typically done in ignorance of policy or for the sake of convenience, personal gain or malice,
according to the report. Managing data risks In addition to being sensitive to employee concerns, companies can
take various steps to keep closer tabs on their information-and those handling it. Bryan Sartin, director of the
investigative response and forensics team at Verizon Business, recommends that companies first consider what
data they have and why they have it. Depending on the business involved, some might not need to maintain their
customers’ identifying information after a transaction is processed. For example, some companies use a system in
which information from customer credit card transactions is sent out to a so-called black box maintained by a
third-party service provider, which then sends it onward to the payment processor for authorization and
settlement. Customer credit card data, therefore, never resides in the company’s own computer systems. When
sensitive data must be maintained, proper training of employees is vital, experts say. Daniel Groszkruger, a risk
manager at Stanford University Medical Center in Palo Alto, Calif., said his team emphasizes the need for training
to include lessons on importance of keeping patient information confidential. “Employees, particularly new ones,
could be ignorant about the risk and almost innocently disclose information that they shouldn’t,” he said. Kevin
Kalinich, national managing director for cyber liability for Aon Risk Solutions, a unit of Chicago-based Aon Corp.,
said companies often mistakenly assume their employees will cooperate on cyber security procedures. For
example, the information technology department might make sure nobody can get onto computer networks
without a password, but such steps are lacking if employees never bother to change their default passwords into
something that is less easily hacked. To solve that problem, the company might make its computer system lock
people out unless they change their passwords every 90 days-but then more than one-fifth of the staff will begin
writing their passwords on sticky notes to leave in plain sight near their monitors, he said. The “most common
mistake” is inadequate education and monitoring of employees, Mr. Kalinich said. Monitoring employees’ system
use also can help identify problems, some experts say. Mr. Sartin said he recently met with a company that made a
list of the top 10 Internet users in the company-measured by time spent online-and asked those employees why
they were using the Internet so much. “Something that simple will probably spread the word fast that Big Brother is
watching” the staff’s network activity, Mr. Sartin said. Monitoring essential Mr. Sartin said many companies invest
in resources to enable monitoring, but then they check their logs only for trouble-shooting. Better monitoring, he
noted, can help identify problems. “Security monitoring is never something done proactively,” he said. “It always
happens reactively to a problem.” Most of the time, Mr. Sartin’s team doesn’t even need to do forensics to figure
out why a company had a data breach, and instead they end up finding evidence of little problems in the logs that
the clients hadn’t recognized for many months. For example, he said that examining network logs might reveal
suspicious outbound traffic, such as a heavy amount of data being transferred to the same Internet Protocol
address every day between 2 a.m. and 3 a.m. Or someone might have connected to the corporate network from a
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 2 of 4
country where the company has no employees. There are a plethora of security services and tools to help
companies prevent unauthorized access and misuse of their information, but companies need to think carefully
before just throwing money at a problem, some caution. “Many security managers proudly exhibit the latest and
greatest security tool. You may have bought cutting-edge technology with lots of bells and whistles, but don’t
assume that it will automatically protect you from changing threats,” Khalid Kark, analyst at Cambridge, Mass.based information technology research firm Forrester Research Inc., said in an August research note. He
recommends that companies use many layers of security rather than relying on only one. “You always need
complementary people, process and technology controls,” he said.
DETAILS
Subject:
Leaking of information; Data integrity; Risk management; Electronic monitoring;
Guidelines
Location:
United States–US
Classification:
9190: United States; 5140: Security management; 5220: Information technology
management; 9150: Guidelines
Publication title:
Business Insurance; Chicago
Volume:
45
Issue:
1
Pages:
1
Number of pages:
1
Publication year:
2011
Publication date:
Jan 3, 2011
Publisher:
Crain Communications, Incorporated
Place of publication:
Chicago
Country of publication:
United States, Chicago
Publication subject:
Insurance, Business And Economics
ISSN:
00076864
CODEN:
BUINEW
Source type:
Trade Journals
Language of publication:
English
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 3 of 4
Document type:
Feature
ProQuest document ID:
839762239
Document URL:
https://search.proquest.com/docview/839762239?accountid=142908
Copyright:
Copyright Crain Communications, Incorporated Jan 3, 2011
Last updated:
2011-01-17
Database:
ProQuest Central
Database copyright ? 2018 ProQuest LLC. All rights reserved.
Terms and Conditions
Contact ProQuest
PDF GENERATED BY SEARCH.PROQUEST.COM
Page 4 of 4

Purchase answer to see full
attachment

GradeAcers
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.

Order your essay today and save 15% with the discount code DISCOUNT15