CSIA Cybersecurity Leaders and Managers


Scenario

Padgett-Beale Inc.’s (PBI) insurance company, CyberOne Business and Casualty Insurance Ltd, sent an audit team to review the company’s security policies, processes, and plans. The auditors found that the majority of PBI’s operating units did not have specific plans in place to address data breaches and, in general, the company was deemed “not ready” to effectively prevent and/or respond to a major data breach. The insurance company has indicated that it will not renew PBI’s cyber insurance policy if PBI does not address this deficiency by putting an effective data breach response policy and plan in place.

PBI’s executive leadership team has established an internal task force to address these problems and close the gaps because they know that the company cannot afford to have its cyber insurance policy cancelled. Unfortunately, due to the sensitivity of the issues, no management interns will be allowed to shadow the task force members as they work on this high priority initiative. The Chief of Staff (CoS), however, is not one to let a good learning opportunity go to waste … especially for the management interns.

Your assignment from the CoS is to review a set of news articles, legal opinions, and court documents for multiple data breaches that affected a competitor, Marriott International (Starwood Hotels division). After you have done so, the CoS has asked that you write a research report that can be shared with middle managers and senior staff to help them understand the problems and issues arising from legal actions taken against Marriott International in response to this data breach in one of its subsidiaries (Starwood Hotels).

Research

1. Read / Review the readings for Weeks 1, 2, 3, and 4.
2. Research the types of insurance coverage that apply to data breaches. Pay attention to the security measures required by the insurance companies before they will grant coverage (“underwriting requirements”) and provisions for technical support from the insurer in the event of a breach. Here are three resources to help you get started.
   a. Woodruff Sawyer- Guide to Cyber Liability Insurance
   b. Prepare Your Business with Cyber Insurance Coverage and Solutions
   c. Woodruff Sawyer- Cyber 101: Understand the Basics of Cyber Liability Insurance
3. Read / Review at least 3 of the following documents about the Marriott International / Starwood Hotels data breach and liability lawsuits.
   a. Marriott Starwood Data Breach Highlights Silent Cyber Risk in Acquisitions
   b. Marriott Hotels fined £18.4m for data breach that hit millions
   c. Marriott First Response Letter
   d. What every hotel owner (and operator) needs to know about “data security” after the Wyndham Worldwide case
   e. The Marriott data breach
   f. Marriott International Update on Starwood Reservation Database Security Incident
4. Find and review at least 2 additional resources on your own that provide information about data breaches and/or best practices for preventing and responding to such incidents.

Write

Write a 4-5 page report using your research. At a minimum, your report must include the following:

1. An introduction or overview of the problem (cyber insurance company’s audit findings regarding the company’s lack of readiness to respond to data breaches). This introduction should be suitable for an executive audience and should explain what cyber insurance is and why the company needs it.
2. An analysis section in which you discuss the following:
   a. Specific types of data involved in the Starwood Hotels data breaches and the harm
   b. Findings by government agencies / courts regarding actions Starwood Hotels / Marriott International should have taken
   c. Findings by government agencies / courts regarding liability and penalties (fines) assessed against Marriott International.
3. A review of best practices which includes 8 or more specific recommendations that should be implemented as part of Padgett-Beale’s updated data breach response policy and plans. Your review should identify and discuss at least 2 best practices for each of the following areas: people, processes, policies, and technologies. Be sure to describe the difference between processes and policies.
4. A closing section (summary) in which you summarize the issues and your recommendations for policies, processes, and/or technologies that Padgett-Beale, Inc. should implement.

Explanation & Answer



Data Breach Report

Padgett-Beale Inc (PBI) uses CyberOne Business and Casualty Insurance Ltd for its
cybersecurity measures. “Cyber insurance is designed to mitigate an organization’s risk exposure
through the offsetting of post-cyber related security breach (system hacks, and other cyber
threats) ensuring business continuity and financial stability” (Lindros & Tittel, 2016). Increasing
concerns regarding cyber security breaches have significantly impacted the team from insurance
companies. It is a known fact that cyber threats are dangerous because almost every business,
whether it is small or large, employs technology in its operation. Technology is becoming more
sophisticated with each passing day; hence, as it becomes more complex, so are the risks and
vulnerabilities we face. Every business or organization must have cyber liability insurance and a
well-developed cybersecurity plan to manage and mitigate cyber risk (Travelers, 2018). PBI was
found not ready for any significant data breach prevention or response exercise.
Consequently, if PBI wants to keep using this exact policy, which is cyber insurance,
then all of them should be amended since they carefully thought of the data breach response
plan/policy concerning it. PBI’s Chief of Staff has given us a task to research through and
analyze Marriott International (Starwood Hotels division) in order to know what it can teach
about data breaches. The middle managers and upper staff will receive this research report so
they can understand how to solve this data breach problem using legal steps taken against
Marriott International.
Data Involved In Starwood Hotels Data Breaches
When Starwood Hotels had a data breach, it meant that there was extensive corporate
information. This included names, phone numbers, email addresses, and passport numbers, as
well as gender and date of birth for Starwood Preferred Guest account details, while also having
check-in and check-out dates, reservation dates, or communication preferences. Consequently,
this attack highlights the consequences that victims face once their identity is stolen through
online attacks such as this one that could lead to financial crimes and massive privacy
infringements, too. That is why it emphasizes the need to have robust cyber security measures in
place to safeguard personal private information from unauthorized individuals (BBC, 2018). The
Federal Trade Commission's response to the Marriott data breach through consumer alerts
provides insights into how regulatory bodies can handle an occurrence of a cyber-security
incident. Acc...
