University of Virginia Data Breach Data Security Case Study Analysis

User Generated

wbuaxnv78

Writing

University of Virginia

Description

The case must address data privacy, hacking, and it should also address an ethical situation as this is an ethical analysis assignment. Individuals with identified names must be involved and specific data should be identified for the case.

Unformatted Attachment Preview

Student Name: Student ID #: Case Study Name: Part 1 – Describing the Mess In this section you should introduce the case study with sufficient depth that another person can understand (a) what has happened and (b) the nature of the ethical issues WITHOUT having to further research the case on his/her own. Part 2 – Separating the Parts In this section you need to clearly separate the views of the various key stakeholders WITHOUT making judgement. After reading this section, it should be clear what the various groups and individuals on BOTH sides of the case claim to be fact. If you can’t identify multiple stakeholders (ideally 3 or more, but 2 may be sufficient), you have not sufficiently researched the case. Part 3 – The Ethical “Threshing Floor” In this section you need to ethically separate the claims and views (presented in Part 2) using logical reasoning and the support of codes and theories discussed in class. It is not enough to simply claim something is right or wrong. Remember, you must convince another individual that believes you are wrong! This should likely be the longest portion of the report. It is expected that multiple codes and theories will be employed. Part 4 – The Harvest In this final section, you should clearly restate your conclusion for the case AND restate the strongest points supporting that conclusion. This should likely not be more than one paragraph in length. Part 5 – References In this section, you should include APA citations for all references used. You are expected to have multiple references and each reference included in this section needs to be cited within the writing of the report also (Parts 1-4). A quick web search of “APA citation examples” will provide more information for those unfamiliar with this form.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

please check this one and let me know if we need more edits. Feel free to ask me any question.

Student Name:
Student ID #:
Case Study Name: A Case Study of Data Breach in Target Corporation (one of the largest
retailers in the United States)

Part 1 – Describing the Mess
It was in the year 2013 when Target corporation - one of the largest retailers in the
United States – was hit by a massive, extensive and historical cyber-attack. Private credit cards’
information belonging to 40 million of its customers was jeopardized. The company was hacked
by breaking into their serve (suggestively via one of their vendors), as the hackers stole
customer’s credit card information. Since the hackers were now in the Target’s network
infrastructure, implanted in their server, they planted malware on Target’s payment system in
order to have a gateway to extract customer’s data right from that location. The malware was
programmed automatically send data to three different staging points in the United States
between 10.a.m and 6.p.m. Central-Standard-Time. At this time, traffic from the regularworking-hours could submerge the outbound data traffic created by the malware. (Elgin, Matlack
& Riley). The attack was thought to have occurred at the month of November closed to end, but
an official pubic statement was made public at the middle of December by the Target,
presumably, after the U.S. Federal authorities gave them information about the attack. Moreover,
just before Christmas festival, Target made another confirmation of an attack affecting 70
million customers, costing the company around $200 million; and an extra $100 million

investment meant for revamping their systems in matters cybersecurity and for installing a “chipand-pin” technology. Following the attack, ethical motives took its course: a response plan and
procedures for cybersecurity was rolled down in the days that followed the attack. Around 100
lawsuits were also filed, as its CEO resultantly resigned during that time. (Clark) Gregg
Steinhafel, the CEO then, resigned in May 2014, paving way for the hire of a new CEO. The
Chief Information Officer was also replaced.
Part 1 – Separating the Parts
Actually, before the attack, Target had put in place a new program for their cybersecurity
in the name of FireEye – a program globally used by government agencies. FireEye is effective
when it comes to the detection of sophisticated malware. It was reported that the FireEye
program detected server anomalies in Target’s system, but the security team failed to respond
immediately. Lack of communication between the company management and the cybersecurity
team provided an easy path of success for the hacking. (Elgin, Matlack & Riley).
Therefore, from the stakeholder’s perspective, the technology powered by the FireEye
program was tasked with the malware’s detective control measures, whereas both the
cybersecurity and the company’s management were tasked with corrective and/or preventive
measures, in the contextcyber security controls.
The U. S. Federal authorities too had to get involved in order for Target’s management
authority to finally confirm their imminent loss in matters cyber security.

Part 3- The Ethical “Threshing Floor”

In this case of Target’s data breach, we can relate to both Utilitarianism and Kantian
Ethics; as well as virtue ethics to make ethical analyses. To mention, Utilitari...


Anonymous
Just what I needed. Studypool is a lifesaver!

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags