Case Study 3: Certification Hacking at DigiNotar
Due Week 9 and worth 75 points
Over the past ten to fifteen (10-15) years, there have been many security breaches at major organizations. In many cases, the result becomes the demise of the organization. Recently, a certificate hacking incident at DigiNotar resulted in the demise of the company. Read the article titled “DigiNotar dies from certificate hack caper”.
Imagine you are an Information Security Manager in a medium-sized organization and your CIO has asked that you provide an analysis of DigiNotar’s certificate hacking incident and what it means to your organization.
Write a three to five (3-4) page paper in which you:
Summarize the security breach and explain its significance to a medium-sized IT consulting company, in regard to the importance of protecting the privacy of their customers.
Analyze DigiNotar’s initial response to the incident as well as their later responses to the incident.
Suggest how DigiNotar could have better handled this security breach.
Analyze the laws and regulations involved with this incident and describe the controls that your organization needs to implement to ensure they are compliant.
Describe the non-technical factors that impacted DigiNotar in this incident and how those factors are similar in your organization and how they are different in your organization.
Describe the elements that need to be included in the organization’s IT audit plans and framework to ensure that this type of incident, and other privacy-related incidents, do not occur in the
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality
Your assignment must follow these formatting
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
Describe the process of performing effective information technology audits and general controls.
Describe the various general controls and audit approaches for software and architecture to include operating systems, telecommunication networks, cloud computing, service-oriented architecture and virtualization.
Develop an audit plan and control framework that addresses and solves a proposed business problem.
Use technology and information resources to research issues in information technology audit and
Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.