IFSM 304 Week 4 Discussion (4)
docx
keyboard_arrow_up
School
University of Maryland, University College *
*We aren’t endorsed by this school
Course
304
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
3
Uploaded by gnomechild666
IFSM 304 Week 4 Discussion
Privacy, Data Security, and Liability Issues: A Recent Event Analysis
Event Overview
In the past three years, a notable event highlighting privacy, data security, and liability issues occurred at Morgan Stanley in January 2022. This event involved a significant data breach that exposed sensitive customer information, including personal details and financial records. The breach originated from a cyberattack that exploited vulnerabilities in the company's and gained Unauthorized access into Morgan Stanley’s Network impacting 15
Million customers.
Event Analysis
Privacy Concerns
The compromised data included personally identifiable information (PII), raising serious privacy concerns for the affected customers. This event underscored the importance of safeguarding user data and respecting privacy rights.
Data Security Challenges
The breach exposed weaknesses in Morgan Stanley’s data security measures. The alleged data center equipment was decommissioned and was
not efficiently wiped clean and software not encrypted.
Liability Implications
Following the breach, Morgan Stanley faced legal consequences, including potential lawsuits from affected customers. Regulatory bodies also imposed fines on the company for failing to secure sensitive information adequately. The liability issues emphasized the legal obligations companies have to protect customer data and the potential financial repercussions of negligence.
Recommendations for Prevention
To prevent similar incidents and enhance overall data security, Morgan Stanley should consider implementing the following measures:
1. Decommissioning Old Equipment:
Issue: The breach exploited the fact that Morgan Stanley didn’t decommission servers properly. They also didn’t validate that the information was gone before give decommissioned server to other parties.
Recommendation: Establish a robust system decommissioning servers. Regularly assess the security of the company's decommissioning processes to identify and address potential weaknesses.
2. Enhanced Encryption Practices:
Issue: Inadequate encryption contributed to the ease with which attackers accessed sensitive data.
Recommendation: Implement advanced encryption protocols to protect sensitive information both in transit and at rest. Regularly review and update
encryption practices to align with industry standards. If
3. Incident Response Plan:
Issue: Morgan Stanley appeared unprepared to respond effectively to the breach.
Recommendation: Develop and regularly update an incident response plan that outlines clear procedures for detecting, containing, and mitigating data breaches. Conduct periodic drills to ensure the team is well-prepared to handle cybersecurity incidents.
4. Regulatory Compliance:
Issue: Legal consequences and fines resulted from non-compliance with data
protection regulations.
Recommendation: Stay informed about evolving data protection laws and ensure full compliance. Establish a dedicated team to monitor regulatory changes and implement necessary adjustments to policies and practices.
Conclusion
Addressing privacy, data security, and liability issues requires a holistic approach that combines employee training, technological upgrades, and proactive risk management. By implementing these recommendations, Morgan Stanley can strengthen its defenses against cyber threats, protect customer privacy, and minimize the potential legal and financial consequences associated with data breaches. Regular monitoring, continuous improvement, and a company-wide commitment to cybersecurity
are crucial in maintaining a secure and resilient business environment.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help