Chapter 8
Introduction
Technology has led to several security issues causing firms much investment in order to achieve their goals successfully. Data breach has been an issue due to intentional accessibility of sensitive information by hackers. This paper will answer questions for securing Information Systems book chapter on case study: Sony: The World’s Largest Data Breach.
There are several security and control weaknesses that Sony had. Sony used old versioned software in their Play station Network (Laudon, & Laudon, 2011). The software was Apache Web Server which has security issues such as compromising internet security in large scale firms. Another weakness is that Sony had poor Information Technology infrastructure whereby they were using poor firewall and lack of encryption services in sensitive information. Firewall protects information inside the network and blocks information outside the network. If the firewall is poor, then any information inside the network can be accessed and be changed easily. There are also control weaknesses with Sony such as poor organizational strategies whereby, they did not know which customers’ information was stolen which is extremely embarrassing for a large company with such ignorance. In addition, it took too long to communicate among them considering there are several positions in IT such as system administrators, IT engineers, among others who could help in solving the problem easily and effectively within a short time (Laudon, & Laudon, 2011). They took too long also to communicate to their customers. They even did not communicate directly to them through their emails. They, instead, used blogs which is not an appropriate way of communicating such sensitive information. Also, Sony did not shut down their servers immediately after discovering the breach; they took some time to close which gave hackers opportune time to hack information. Sony too did not lay down privacy policies for protecting information which is a mess. If security could have been invested properly, Sony firm could not have been in this mess.
What management, organizational, and technology factors contributed to these problems?
If there could be significant communication practise in Sony, it could not lead to the problem, considering employees did not communicate to each other after discovering breach. The management did not invest in best IT infrastructure such as up to date software ending up in using outdated ones, using of poor firewalls thus giving hackers best time to hack their network and lack of encryption materials, which is costly. There is also lack of expertise in Sony whereby they did not encrypt customers’ sensitive information. If they could have hired experts in their firm, this could not have found them (Laudon, & Laudon, 2011).
What was the business impact of the Sony data losses on Sony and its customers?
The problem led to loss of a vast number of customers because they were in fear of their personal information exposure. Also, due to closure of Sony’s network for quite some time, they ended up losing in terms of profit. After restoration of service, they had to spend a lot of money to build a strong network which was not in their budget, but they had no other choice. Despite all these, Sony’s customers lost trust with them.
What solutions would you suggest to prevent these problems?
Sony should invest a lot not to experience the problem again in terms of training their employees on security, employing experts who can encrypt information and do other complex tasks and purchasing reliable software. The management should insist the writing of policies and procedures to take care of security of information together with systems. Communication is key to every successful task being performed by a team; thus Sony should encourage employees to communicate immediately even to each other when an issue arises.
References
Laudon, K. C., & Laudon, J. P. (2011). Essentials of management information systems. Boston: Prentice Hall.
