CSIA 300 Data Breach Incident Analysis and Report Paper

User Generated

nfsjdr

Writing

csia 300

CSIA

Description

Write a three to five (3-5) page report using your research. At a minimum, your report must include the following:

1. An introduction or overview of the problem (cyber insurance company’s audit findings regarding the company’s lack of readiness to respond to data breaches). This introduction should be suitable for an executive audience and should explain what cyber insurance is and why the company needs it.

2. An analysis section in which you discuss the following:

a. Specific types of data involved in the Starwood Hotels data breaches and the harm
b. Findings by government agencies / courts regarding actions Starwood Hotels / Marriott International should have taken
c. Findings by government agencies / courts regarding liability and penalties (fines) assessed against Marriott International.

3. A review of best practices which includes 5 or more specific recommendations that should be implemented as part of Padgett-Beale’s updated data breach response policy and plans. Your review should identify and discuss at least one best practice for each of the following areas: people, processes, policies and technologies. (This means that one of the four areas will have two recommendations for a total of 5.)

4. A closing section (summary) in which you summarize the issues and your recommendations for policies, processes, and/or technologies that Padgett-Beale, Inc. should implement.

Unformatted Attachment Preview

CSIA 300: Cybersecurity for Leaders and Managers Research Report #1: Data Breach Incident Analysis and Report Scenario Padgett-Beale Inc.’s (PBI) insurance company, CyberOne Business and Casualty Insurance Ltd, sent an audit team to review the company’s security policies, processes, and plans. The auditors found that the majority of PBI’s operating units did not have specific plans in place to address data breaches and, in general, the company was deemed “not ready” to effectively prevent and/or respond to a major data breach. The insurance company has indicated that it will not renew PBI’s cyber insurance policy if PBI does not address this deficiency by putting an effective data breach response policy and plan in place. PBI’s executive leadership team has established an internal task force to address these problems and close the gaps because they know that the company cannot afford to have its cyber insurance policy cancelled. Unfortunately, due to the sensitivity of the issues, no management interns will be allowed to shadow the task force members as they work on this high priority initiative. The Chief of Staff (CoS), however, is not one to let a good learning opportunity go to waste … especially for the management interns. Your assignment from the CoS is to review a set of news articles, legal opinions, and court documents for multiple data breaches that affected a competitor, Marriott International (Starwood Hotels division). After you have done so, the CoS has asked that you write a research report that can be shared with middle managers and senior staff to help them understand the problems and issues arising from legal actions taken against Marriott International in response to this data breach in one of its subsidiaries (Starwood Hotels). Research 1. Read / Review the readings for Weeks 1, 2, 3, and 4. 2. Research the types of insurance coverage that apply to data breaches. Pay attention to the security measures required by the insurance companies before they will grant coverage (“underwriting requirements”) and provisions for technical support from the insurer in the event of a breach. Here are three resources to help you get started. a. https://woodruffsawyer.com/wp-content/uploads/2019/06/40842_Woodruff-SawyerCyber-Buying-Guide_Final.pdf b. https://www.travelers.com/cyber-insurance c. https://wsandco.com/cyber-liability/cyber-basics/ 3. Read / Review at least 3 of the following documents about the Marriott International / Starwood Hotels data breach and liability lawsuits. a. https://www.thesslstore.com/blog/autopsying-the-marriott-data-breach-this-is-whyinsurance-matters/ b. https://www.insurancejournal.com/news/national/2018/12/03/510811.htm c. https://www.jlt.com/en-bh/insurance-risk/cyber-insurance/insights/marriott-breach-totest-insurance-response CSIA 300: Cybersecurity for Leaders and Managers d. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/statementintention-to-fine-marriott-international-inc-more-than-99-million-under-gdpr-for-databreach/ e. https://info.starwoodhotels.com/?gclid=EAIaIQobChMInfbpwazJ5AIV0gOGCh0J1wP_EA AYASAAEgIZQPD_BwE&gclsrc=aw.ds f. http://starwoodstag.wpengine.com/wp-content/uploads/2019/05/us-en_FirstResponse.pdf g. https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach h. https://news.marriott.com/2019/07/marriott-international-update-on-starwoodreservation-database-security-incident/ i. https://www.hayesconnor.co.uk/marriott-data-breach/ 4. Find and review at least one additional resource on your own that provides information about data breaches and/or best practices for preventing and responding to such incidents. 5. Using all of your readings, identify at least 5 best practices that you can recommend to PadgettBeale’s leadership team as it works to improve its data breach response policy and plans. Write Write a three to five (3-5) page report using your research. At a minimum, your report must include the following: 1. An introduction or overview of the problem (cyber insurance company’s audit findings regarding the company’s lack of readiness to respond to data breaches). This introduction should be suitable for an executive audience and should explain what cyber insurance is and why the company needs it. 2. An analysis section in which you discuss the following: a. Specific types of data involved in the Starwood Hotels data breaches and the harm b. Findings by government agencies / courts regarding actions Starwood Hotels / Marriott International should have taken c. Findings by government agencies / courts regarding liability and penalties (fines) assessed against Marriott International. 3. A review of best practices which includes 5 or more specific recommendations that should be implemented as part of Padgett-Beale’s updated data breach response policy and plans. Your review should identify and discuss at least one best practice for each of the following areas: people, processes, policies and technologies. (This means that one of the four areas will have two recommendations for a total of 5.) 4. A closing section (summary) in which you summarize the issues and your recommendations for policies, processes, and/or technologies that Padgett-Beale, Inc. should implement. Submit for Grading Submit your research paper in MS Word format (.docx or .doc file) using the Research Report #1 Assignment in your assignment folder. (Attach your file to the assignment entry.) CSIA 300: Cybersecurity for Leaders and Managers Additional Information 1. To save you time, a set of appropriate resources / reference materials has been included as part of this assignment. You must incorporate at least five of these resources into your final deliverable. You must also include one resource that you found on your own. 2. Your research report should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources. 3. Your research report should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use. 4. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 5. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Hi buddy! Your paper is complete! Please go through it and let me know if there is anything else I can do for you. Meanwhile, thank you so much for your patience.

1

Running Head: Cybersecurity Insurance

Cybersecurity Insurance

Student Name

Institutional Affiliation

Course
Instructor’s Name

Due Date

Running Head: Cybersecurity Insurance

2

Introduction

Cyber insurance refers to a product from an insurer formulated to assist firms and
organizations avoid or reduce chances of experiencing cyber-attacks for example
ransomware, malware and distributed systems implications or different ways used by
malicious individuals to interfere with critical data and network (Cisco, 2020). Also
called cybersecurity insurance, the product is used to alleviate particular risks. With the
increasing use of numerous technological devices and applications, the company’s crucial
data and the network becomes more susceptible to cyberattacks.

The same way businesses sought coverage against challenges such as
environmental problems and internal struggles which may bring a company’s
performance down, they require insurance product for cybersecurity too (Cisco, 2020).
More often, a company finds itself making enormous losses whenever data breaches
happen; this is due to the incapability of a company to install appropriate resources to
tackle the issue. Cybersecurity insurance offers such support to assist the company in
avoiding crumbling of one’s business (Cisco, 2020).

The cybersecurity insurance company, CyberOne Business and Casualty
Insurance Ltd, established that Padgett-Beale Inc. (PBI) was doing its operations without
particular measures set to curb cyberattack. Thus the insurance company concluded that
PBI...


Anonymous
Great! Studypool always delivers quality work.

Studypool
4.7
Indeed
4.5
Sitejabber
4.4

Similar Content

Related Tags