OBJECTIVE & PURPOSE:
The purpose of this assignment is to help students be able to: Identify a data breach incident from news media and provide an overview of the case; Analyze common security failures and identify specific cybersecurity principles that have been violated; Given a specific scenario, identify the cybersecurity principles involved or needed to increase the cybersecurity posture; and describe appropriate measures to be taken should a system compromise occur (Business Continuity Plan).
DESCRIPTION OF ASSIGNMENT:
Your assignment will be to first to identify and conduct investigation using (Google, news report, government report, and any other valid source) into a data breach incident of an organization in the past several years. *** NO CASE That was reviewed during class will be accepted! Ensure you select new case, not one covered in class. Assignment done on cases covered in class will get immediate zero***
Then, develop a written paper that will provide the following sections:
Data Breach Overview: Provide an overview of the data breach incident you selected, the organization that it occurred in, and indicate if any prior data incidents occurred in that organization previously (Use references to support your claims).
Cybersecurity Failures: Analyze the cybersecurity failures and identify the specific dimension(s) of cybersecurity and their related principles (Hint: McCumber Cube and it’s dimensions + relevant principles on each dimension!) that have been violated during the identified data breach incident (Use references to support your claims).
Cyber Risk Management: From recent industry and/or government reports (i.e. less than three years old) and in your own words (no quotes, but use references to support your claims) identify the cyber risk management factors (Likelihood – also known as ‘rate of occurrence’ + estimated impact) associated with the specific cyber incident that occurred for the organization you’re investigating. (Use references to support your claims). Include a simple table to highlight the cyber threat, risk description, likelihood, impact, and actions proposed to mitigate that cyber threat in the future.
Business Continuity Plan: In your own words (no quotes, but use references to support your claims) describe appropriate measures that the organizations should take to mitigate the risk of another data breach incident in the future.
Conclusion: In your own words (no quotes!!!), provide a conclusion that summarizes the whole paper.
In particular, you will need to develop a 5- to 7-page document (not more!) that outlines each of the section above and provides the details to address the points above.
