St Petersburg College Micron Trade Secrets Case Study

User Generated

wnqr86

Computer Science

ST PETERSBURG COLLEGE

Description

A case study analysis is an examination of a situation or institution with a view towards making recommendations. Cases are usually based on real situations, although for the sake of confidentiality the names of persons and institutions may be disguised.

Analysis Method

Many methods can be used to analyze case studies. The outline below provides a step-by-step procedure that can be applied in many situations.

1. Read the case study attentively at least two or three times. Become familiar with the key points of the situation without adopting a position on the case. Read as carefully and objectively as you can.

2. After becoming thoroughly familiar with the case, make notes regarding the main issues as you see them.

3. Consider the question(s) assigned by your instructor. Record all information pertinent to these in the form of case notes.

4. Decide which principles, theories, or models (usually part of the assignment) best apply to the observed facts of the case to prepare your answers. Remember that your analysis is likely to be founded on a specific theory, and avoid solutions based mainly upon personal intuition.

5. Develop your solution in consideration of the principles, theories, or models that you have selected. The assigned questions may require you to consider alternative solutions. Remember the importance of showing not merely your judgement but the basis for it.

Occasionally, case studies are assigned for analysis without specific questions. The student must then devise a framework that will enable the analytical and/or synthetic treatment of strategic issues. One general approach is as follows:

1. Follow steps one and two (above).

2. Identify the key problems and their root causes.

3. Develop solutions to the identified problems. Wherever possible, specify objective or quantitative criteria to assess the solutions (qualitative indicators of success may be too subjective).

4. Follow steps four and five above to identify and apply theoretical concepts. A list of alternative solutions should emerge from this stage.

5. The final selection of a solution from alternatives is based upon how well it meets the criteria you have established. In most cases you will select an optimal approach and provide a realistic assessment of your solution’s strengths and weaknesses.

6. Present the chosen solution(s) in detail.

7. Use an appropriate format for your case study analysis. Use suitable headings and subheadings. Do not forget the value of graphics; a chart or table can present information more effectively than unsupported text.

Tricks and Traps

Most comprehensive case studies contain some information that is of marginal importance to the main issues—or at least, to the issues you are directed to examine. Remember to consider the implications of your theoretical framework(s): unacknowledged assumptions can limit your thinking and your critique of alternative solutions. When you begin to prepare your “recommendations” section, stop and review the assignment yet again; many case study analyses fail to address the issues identified by the instructor.

Sample Format

Abstract/Executive Summary: single paragraph summary including recommendations.

Problem Statement: Overview of key issues arising from case analysis

  1. Case Analysis: Theory-driven analysis of case(s) identifying factors underlying key issues
  2. Alternative Solutions: Pros and cons of possible solutions to problems
  3. Recommendations: Detailed description of optimal solution with rationale

Read the following case study and provide an analysis as laid out above.

Ex-Employees Allegedly Steal Micron Trade Secrets Valued at Over $400 Million — November 2, 2018

Three individuals who worked for the DRAM maker’s Taiwan subsidiary stole Micron IP to benefit a company controlled by China’s government.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.

The indictment alleges that Stephen Chen, former president of a Micron subsidiary in Taiwan called Micron Memory Taiwan (MMT), conspired with two other former employees to steal proprietary data on Micron’s DRAM technology. The trio is then alleged to have used the stolen data to advance China’s development of its own DRAM technology.

Chen resigned from Micron in 2015 and began working as a senior vice president at United Microelectronics Corp. (UMC), a Taiwanese semiconductor foundry with a technology-sharing agreement with Fujian Jinhua Integrated Circuit, a Chinese government-owned semiconductor plant.

In that role, Chen is alleged to have hired two former MMT process managers to UMC. Both of the engineers allegedly stole confidential and proprietary data before and after quitting the Micron subsidiary and used it to advance UMC and, in turn, Fujian Jinhua’s own DRAM development work.

Before leaving MMT, one of the indicted individuals, based in Taiwan at the time, allegedly downloaded over 900 confidential and proprietary files belonging to Micron from the company’s US servers. The engineer stored the downloaded files on external USB drives and in a personal Google Drive account that he later accessed while working for UMC.

A lot of the stolen trade secrets were contained in PDF documents and multi-tabbed Excel spreadsheets. Several of the PDF documents contained hundreds of pages — the biggest one had 360 pages.

Unformatted Attachment Preview

Chapter 1. Overview

Insiders pose a substantial threat due to their knowledge of and access to their employers’ systems and/or information. They bypass physical and electronic security measures through legitimate means every day. There is no demographic profile of a malicious insider—they are men and women, married and single, young and old, and cover a range of ethnicities. However, we have identified some distinct characteristics of insiders and their crimes, which can be used in designing mitigation strategies.

Insider IT sabotage is typically committed by technical users with privileged access, such as system administrators, database administrators, and programmers. The motivation in these crimes is usually revenge for a negative workplace event, and the crimes are often set up while still employed, but executed following termination.

Insider theft of intellectual property (IP) is usually committed by scientists, engineers, programmers, and salespeople. These insiders usually steal the information they worked on, and take it with them as they leave the organization to start their own business, take with them to a new job, or give to a foreign government or organization.

Insider fraud is usually committed by lower-level employees such as help desk, customer service, and data entry clerks. The crimes are motivated by financial need or greed, and they typically continue for a long period of time. Many of these insiders are recruited by outsiders to steal information. Collusion with other insiders is very common in crimes involving modification of information for payment from the outside.

In this chapter, we begin with true stories of insider attacks, which will help you to understand the different types of insider crimes as well as the potential consequences. We believe that the more actual cases you read, the more you will come to understand the patterns in the cases.

Next, we point out the expanding complexity of insider threats. Although we have broken the problem into three distinct crime profiles, and most incidents resemble those profiles, there are some complex issues that we must point out so you understand the scope of the problem. In this chapter we simply want to raise the issues so that you keep them in mind as you read the rest of the book. In Chapter 9, Conclusion and Miscellaneous Issues, we provide more detail on each of these issues.

The next section contains a breakdown of the cases in our insider threat database. Our database of more than 700 insider threat cases provides an unmatched wealth of information that can be useful to all of you in understanding insider threats and in designing mitigation strategies. If you are interested in additional details from our database, refer to Appendix B, Deeper Dive into the Data. In addition, Appendix C, CyberSecurity Watch Survey, contains detailed findings from the CyberSecurity Watch Survey, which we conduct annually with the Secret Service and CSO Magazine.

Next, we explain the importance of our crime profiles and associated crime models. Over the years, we have heard that the first impression of some practitioners is that they are not interested in “academic models.” The good news is that, although in some cases we started with complex academic models, we have translated them into straightforward, practical teaching tools that have raised awareness and resulted in successful mitigation strategies for practitioners for years. Those high-level models are the ones we use in this book.

We end this chapter with a brief description of the objective and work of the CERT Insider Threat Center. If you don’t care where material in this book

Chapter 2. Insider IT Sabotage

Insider IT sabotage: insider incidents in which the insider uses information technology (IT) to direct specific harm at an organization or an individual.

Cases of insider IT sabotage include the most technically sophisticated attacks in the CERT insider threat database, and have caused substantial harm to people and organizations. Insider IT sabotage has occurred in almost every critical infrastructure sector, and poses a threat to virtually every organization in government and industry—to any organization reliant on information technology.

In one insider IT sabotage case, a former system administrator wiped out 18 months of cancer research, which was never recovered. In another, a company lost $10 million, laid off 80 employees, and nearly went out of business. In yet another, billions of critical files were deleted from a financial institution’s servers around the world when a logic bomb went off on every server at 9:00 a.m. just when the banks opened for business.

In this chapter we describe the profile of insider IT sabotage and present strategies for mitigating insider IT sabotage crimes. These crimes are committed by technically sophisticated system administrators or programmers, using the same types of online actions typically used by those same employees or contractors in the course of their normal activity. Therefore, some say that stopping these types of attacks is next to impossible.

Fortunately, we have identified distinct patterns in nearly every insider IT sabotage case. In this chapter we describe those patterns and present mitigation strategies that use those patterns to your advantage. These techniques include both technical and nontechnical measures. In addition, some are proactive across the enterprise, while others are targeted at specific employees triggered by indicators that could suggest an increased risk of attack.

For example, we suggest countermeasures such as periodic account audits, since a number of these insiders created backdoor accounts prior to being fired so that they could get back in and exact their revenge following termination. With more and more identity management systems available, we would expect to see a reduction in the use of this technique. However, during the week this chapter was written, a former system administrator at a large, multinational corporation used a VPN token he had created for a nonexistent employee prior to being fired to break back into his employer’s network and sabotage its systems.

On the other hand, we realize that account audits are time consuming and difficult to perform, especially at times of reduced staffing levels. Therefore, we also suggest that when a system administrator is sanctioned and “on the HR radar” you perform a detailed audit of all accounts that have been created since he first became disgruntled and began exhibiting concerning behaviors in the workplace.

The bottom line is that we believe there is a good chance to thwart these attacks, but it requires careful planning and implementation of mitigation strategies across your organization. We do have some “good-news” cases.

• A logic bomb would have wiped out every file on every server on the network. Fortunately, the organization reacted swiftly to a suspicious comment made by a system administrator who was to be fired the following Monday, took all systems offline over the weekend, and discovered the logic bomb before it executed.

• A logic bomb would have destroyed information on more than 70 servers, including
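
The two account-audit countermeasures described in the excerpt above (a periodic check that every credential maps to a real employee, and a targeted review of everything a sanctioned administrator has created since concerns began), sketched in Python as an added example that is not from the book or the original post. The record layout, names, IDs and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Credential:
    name: str        # account or VPN token identifier
    kind: str        # "account" or "vpn_token"
    owner_id: str    # employee ID the credential is issued to
    created_by: str  # administrator who provisioned it
    created_on: date

# Constructed sample data (hypothetical; not from any real system).
HR_ROSTER = {"E100", "E101", "E102"}          # current employees per HR
ON_HR_RADAR = {"adm_kim": date(2024, 3, 1)}   # admin -> date concerns began
PROVISIONING_LOG = [
    Credential("jdoe", "account", "E100", "adm_lee", date(2024, 1, 10)),
    Credential("svc_backup2", "account", "E999", "adm_kim", date(2024, 3, 20)),
    Credential("vpn-7731", "vpn_token", "E998", "adm_kim", date(2024, 4, 2)),
    Credential("asmith", "account", "E101", "adm_kim", date(2024, 2, 1)),
    Credential("bchan", "account", "E102", "adm_kim", date(2024, 3, 15)),
    Credential("tmp_old", "account", "E997", "adm_lee", date(2023, 11, 5)),
]

def audit(log, roster, on_radar):
    """Return [(credential name, [reasons])], strongest findings first."""
    findings = []
    for c in log:
        reasons = []
        # Periodic audit: every credential must belong to a current employee.
        if c.owner_id not in roster:
            reasons.append("owner not in HR roster")
        # Targeted audit: anything a sanctioned admin created on or after
        # the date concerning behaviour began gets a manual review.
        since = on_radar.get(c.created_by)
        if since is not None and c.created_on >= since:
            reasons.append(f"created by {c.created_by} on/after {since}")
        if reasons:
            findings.append((c.name, reasons))
    # Credentials that trip both checks are reviewed first (stable sort).
    return sorted(findings, key=lambda f: -len(f[1]))

if __name__ == "__main__":
    for name, reasons in audit(PROVISIONING_LOG, HR_ROSTER, ON_HR_RADAR):
        print(f"{name}: {'; '.join(reasons)}")
```
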

Explanation & Answer

Please view explanation and answer below.

Running Head: INSIDER THREAT INCIDENT

Insider threat incident
Course name
Student name
Course code
Student ID number
Institution Affiliation

Executive summary
As the name implies, an insider threat is any situation in which a member of a company's
inner circle has unauthorized access to a company's most sensitive data or systems. When it
comes to the geopolitical repercussions of such operations, the most significant lesson for
corporations is that they need to bolster their defenses. Despite firms spending millions of dollars
to fight against external attacks, study shows that they are not doing nearly enough to protect
against trusted insiders who have access to corporate networks and information. As multiple
surveys have shown, employees are just as destructive to corporate data, if not more than
external attackers. Although human mistakes and ignorance can lead to breaches, purposeful
actions like those at Micron have also resulted in them (Bailey et al., 2018). Security
professionals have long known that organizations must utilize monitoring methods to
successfully detect unusual or suspect user behavior to combat security threats.
Problem statement
Insiders have access to the data and IT systems used in a company's day-to-day
operations, giving them the power to do significant harm. Due to his position as president,
Stephen Chen was a well-liked member of Micron's management team. He was thoroughly
aware of every aspect of the organization's plan and every strategy to be implemented. Because
of this, Chen's chances of stealing confidential information from the company increased. When
employees of a firm work together to achieve goals that have a detrimental impact on the
company, the company is deemed at high risk. Collecting critical data from Micron's DRAM
with two other former employees sped up the process since no one else in the company was
aware of what was going on at the time. It was difficult for the company's workers to name the
former president as a prime suspect while realizing certain data was missing.
Micron has had to deal with the financial repercussions of a data breach, and they are by
far the most urgent and severe (Hashim et al., 2018). Compensating customers who had been
affected, setting up incident response teams, investigating the breach, putting in place new
security measures, and paying legal fees were all necessities, not to mention the crippling
regulatory penalties that could have been imposed for failure to ...

