Collection Association

1. Information Security Breach at the American Medical Collection Association

In June 2019, the US experienced one of the worst instances of breach of security within the medical sector. Precisely, the American Medical Collection Association (AMCA) was hacked, leading to exposure of critical details of over 20 million patients (Hodge, 2019). Accordingly, AMCA and its contracting firms encountered detrimental consequences that entail numerous lawsuits which led to their bankruptcy. Similarly, the victims’ (patients’) addresses, phone numbers, birth dates, medical information, social security numbers, and payment data were exposed. Thus, this incident exhibits loopholes and weaknesses on matters about information security. Subsequently, it means that interested professionals and firms should conduct further research and development strategies to promote better protection of information, hence avoiding similar incidents in the future. Besides, this occurrence suggests that information security practice is a highly-challenging and sensitive endeavor that demands lots of diligence. Finally, the unfortunate incident shows that an information security breach is a catastrophic event that attracts massive damages and losses to the victims. 

2. University of Delaware (UD) has a corporate vision statement that focuses on promoting information security through the development of a suitable institutional framework and culture for effectively managing information risk. Accordingly, the vision statement strives to ensure effective, efficient, and secure operations of every unit of the University. Hence, UD has a suitable vision statement that encourages information security by influencing and shaping its operation strategies. UD’s vision statement could be accessed through the following link –

https://www1.udel.edu/security/mission.htmlThe main challenge in finding an appropriate vision statement is that several organizations do not vividly and explicitly express their focus in promoting information security. Besides, many organizations focus on information security at a departmental rather than a corporate level. That is, several firms have offices that focus on information security. Moreover, the use of terminologies that entail vision, mission, and information security as search terms does not offer suitable vision and mission statements. Instead, it provides vision and mission statements for organizations whose aims are to provide advice and strategies for encouraging information security. 

Lack of attention to information security at a corporate level could discourage the allocation of sufficient resources and efforts toward the promotion of information security. Accordingly, organizations would fail to secure their information adequately. It could mean that an organization does not prioritize information security by not expressing interest and focus on information security at a corporate level. 

The University of Delaware’s vision statement exhibits a link to relevant strategies for encouraging information security. Specifically, the vision statement strives to explain how the institution would realize its goal of ensuring the safety of its information. 

Case Study Report “Gambling with Security”

The prevalent loopholes and weaknesses in the organization could facilitate information security breaches. The article reveals that human elements serve as the main weak points through which social engineers use to access and manipulate firms’ information (Ashenden, 2008). Besides, a weak organizational culture could encourage leakage of sensitive information to intruders. For instance, a practice of not deactivating accounts and login details of outgoing employees could render a firm vulnerable to hacking and unauthorized access to critical and sensitive information by malicious persons. Besides, the failure of employees to handle their roles diligently discourages the security of data. For example, security guards could allow a stranger into their facility by not using applicable identification documents to confirm the identities of incoming persons. Moreover, the practice of revealing sensitive information to strangers makes the organization more vulnerable to hacking and information security breaches. Also, technical challenges such as poor generation and storage of access tools such as badges and the use of weak or no passwords tend to promote information security breaches (Mitnick, 2005). For example, an individual could have access to and ownership of more than one badges that are used for accessing different places in the facility. Similarly, organizations could lose their information by making them easily accessible, modifiable, and readable to virtually everyone. More so, the use of single and simple restriction tools such as badges could make it easier for hackers to access firms’ information. 

Accordingly, organizations should embrace the use of strong passwords and other relevant strategies to regulate access to their information (Miloslavskaya & Tolstoy, 2019). Moreover, firms should use coding to make it difficult for unauthorized persons to read and retrieve vital details from their databases. Likewise, firms should adjust their information to make them more resistant to unauthorized modification and other forms of alterations. Besides, firms should train and develop their employees to ensure that they remain vigilant and well-informed about suitable strategies for encouraging the safety and security of their information. Also, employees should exhibit sufficient diligence while handling their jobs to ensure that all the established strategies for encouraging information security are implemented. Therefore, firms could significantly reduce instances of information security breaches by developing their human and technological resources.

References

Ashenden, D. (2008). Information Security management: A human challenge?. Information security technical report, 13(4), 195-201.

Hodge, R. (2019, December 27). 2019 Data Breach Hall of Shame: These were the biggest data breaches of the year. Retrieved from https://www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/

Miloslavskaya, N., & Tolstoy, A. (2019). Internet of Things: information security challenges and solutions. Cluster Computing, 22(1), 103-119.

Mitnick, R. (2005, March 8). Gambling with security. Retrieved from https://www.theage.com.au/technology/gambling-with-security-20050308-gdkvl2.html