I need support with this Computer Science question so I can learn better.
A case study analysis of the private sector case studies
COUSE: Access Control
Make sure to follow APA style. Please make sure your submission is 2 – 3 pages in length and meet the minimum APA formatting guidelines:
• 12-pt, Times New Roman font
• 1” margins on all sides
• Please provide a title page including your Name, Course Number, Date of Submission, and Assignment name.
• Paraphrasing of content – Demonstrate that you understand the case by summarizing the case in your own words. Direct quotes should be used minimally.
• Reference Section (A separate page is recommended.) Please cite the source using APA formatting guidelines. If you need guidance or a refresher on this, please visit: https://owl.english.purdue.edu/owl/resource/560/10… (link is external) Be sure to include at least three reference sources.
• In-text citations – If you need additional guidance, please visit: https://owl.english.purdue.edu/owl/resource/560/02… (link is external)
Case Study Analysis
Synopsis/Abstract/Executive Summary – outline purpose of the study
Analysis – identify problems in the case, supported by factual evidence
Discussion – summarize major problems
Conclusion – here you sum up main points gathered from findings
Recommendation – indicate some alternative solutions
Implementation – explaining what should be done, by whom and when
References – References used in the case study
Appendix – may be used to note originality of data
The case in the private sector analysis focuses on the consequences that data breaches can have towards an organization. It sites that data breaches can be brought about by either physical security lax or even the inadequate logical access controls. Sometimes data breaches can be as a result of both. In a very practical example of the consequences that data breaches cause, the case study shows how LexisNexis, a major information clearinghouse of newspaper, magazine, and legal documents, was hacked and personal information accessed in the process.
Teenage hackers were successfully able in gaining access to the systems of LexisNexis which lead to the exposure of the personal information of over 300, 000 individuals. The exposed credential information included their names, addresses, and SSNs. The particular data breach emanated from failure in the logical access controls. In one of the tactics used, one of the teenagers had to pose as a 14- year old girl who was involved in a chat session with an officer henceforth convincing the officer to download a photo which was essentially a Trojan horse file. This enabled them to access the systems.
The teenagers used very fishy methods of convincing the administrators to allow them to gain access to the systems. They were also able to access login details within the account of the officer that they accessed. This was a perfect data breach to LexisNexis as they were a total of 57 other security breaches that were connected to this particular one. As a result, LexisNexis had to offer identity theft monitoring to all the affected customers. On a lucky note, the hackers were just joyriding and didn’t necessarily trade the information they gained from that hack. LexisNexis vowed to strengthen their customer account and password administration to kill the possibilities of another breach.
Logical access controls are the ones tasked with the prevention or allowing access to their resources upon the establishment of a user’s identity. Logical access controls are the tools and protocols best used for identification, authentication, authorization, and also accountability in the computer information systems (Lee et al., 2008). A security fault on the logical access controls can lead to adverse effects on the organization just as it was to LexisNexis. A simple solution to handle the data breach based on the logical access controls is the use of strong passwords and strengthening of the user accounts.
Another incident of the consequences that arise from security breaches is a case where physical security measures failed in an organization. Bank One, a major Midwest company owned by JPMorgan chase was hit badly by the loss of 100 employee laptops due to a simple failure of the physical access controls. The office in question had only one access point which was controlled by an RFID badge system. Although it was controlled by this badge system it was fully efficient as it took half a minute to one in the opening. The situation was so bad up to the point employees could assist each other to hold the entrance so they could come in at once. Nearly all the employees used employees in this location. In the early 2000s when an all hands off-site meeting, thieves gained the access to the location and made away with laptops.
The physical access controls concentrate on whom, where, and when. They are plainly the ones that determine who enters or exits a building or a certain room. Any unauthorized access is a breach in the physical access controls (Micali et al., 2008). Physical controls include; fences, locks, badge systems, security guards, biometric systems, mantrap doors, lighting, and also the motion detectors. Upon deploying any of the physical access tools in the organization, assuring that it works perfectly to its use is quite crucial. It shouldn’t be the case as it was in Bank one Bank’s entrance system with the RFID badge system.
Lee, T.-Y., Lee, H.-M., Chen, W.-Y., & Chen, H.-S. (2008). Processing Logical Access Control Command in Computer System. International Journal of Digital Content Technology and Its Applications, 2(2), 11–15.
Micali, S., Engberg, D., Libin, P., Reyzin, L., & Sinelnikov, A. (2008). Physical access control. Google Patents.
NOTE: THIS IS MY FRIEND CASE STUDY. PLEASE ANALYZE AND MODIFY. RE-WRITE IT. PLEASE AVOID PLAGARISM