Information security incident assessment

Being of a managerial post in the XYZ organization, it is my foremost duty to follow all the regulation formed by the organization and secure the company from arriving threats; which can harm the company’s profile in the market. One such incident which deflated the positive growth of the country and also impacted on my individual performance in the organization is the cyber-crime. In today’s world cyber-crime is efficiently growing most of the companies use the information technology in storing and retrieving the critical information of the information. Resulting to which many risks are connected with using the new innovative technology (Aggarwal, Arora, & Ghai 2014).

Especially in e-commerce trading business, the majority of the work is done on the websites and portal, due to which the cyber-crime risk increases. In my XYZ organization, the information of the customers, their order details, and transaction receipts are stored on the website only whereas the price sensitive information, related to the products and services which shall not be leaked to the customers are also stored on the portal online. Thus it is easily known that any change in the online security system can result in a huge loss for the organization along with defamation of the company as well (Rotich, et. al., 2014).

The incident which took place in the organization is that; the official website of the company was somehow hacked by some unethical hacker. Through this cyber-crime, the hacker succeeded in retrieving the information of the customers of the company and all other price sensitive information which were required by the company in managing the business activities. The hacker took all the personal information records of the visitors and customers of the company (like postal address, payment details, password, user Id etc.). The stored credentials on the website were also hacked and the hacker gain access to the data of the company. Also, the information about the products and services posted on the website were also tampered and theft, resulting in confusion for the customer to make transaction with the company. The major crime which the hacker made was that they changed the bank account details of the company with theirs. Resulting to which, all the transactions and its receipts were made to the account of the hacker not the company (Ablon, Libicki, & Golay 2014).

With this effect, the company suffered major loss of income, data of company and also the customers of the company also became dissatisfied due to this effect. Many customers were made fake call due to leakage of price sensitive information. On my part being a manager, it became very difficult to address the problems of the customers along with analyzing the person liable for the crime. The customer growth decreased resulting in loss for the company, along with which the employee turnover also increased; as the employee felt that they might get trapped in the attack. The company was attracted by many problems at the same time due to which the financial statement of the company got affected. Being a manager of the company I was held responsible for the devaluation of the financial statements of the company. Furthermore, the hacker behind the attack was also not identified. I was held accountable for the cyber-crime and deviations in the management system (Ali, et., 2016).

The XYZ Company was in a state of crisis where all the customers and employees were leaving the organization. Along with which the company was liable to several penalties. Besides this, the hacker behind the issue was still unknown. The company needed to compensate for the problems of its customers along with which it was also accountable to its stakeholders for the devaluation of financial statement and defamation of the image of the company (Williams, & Levi 2017).

Incident Strategy

To cope up with the situation of cyber-crime, the company along with employees took the following steps responsibly:

• In order to assess the hacker liable behind the attack, the company asked the Australian Cybercrime Online Reporting Network (ACORN) to scrutinize the case and take corrective actions (An Australian Government initiative 2017).
• As a responsible manager, I ensured the customers to redress their issues and compensate them for the glitches through which they had gone through. Along with which I initiated a cyber-training program for the employees in order to make them capable to address the issue and deal with the issue efficiently.
• For managing the interest of stakeholders, the company initiated meetings to make them understand about the critical situation of the organization.
• Also, the main purpose of the issue, that is technical appliances were properly taken care of. The employees of the company made sure to amend changes in the organizations so that there is no space for cyber-crime next time (Ali, et. al., 2016).
• Also the price sensitive information and the customer traction details were now encrypted with a code so that privacy is maintained and no personal information of the customer is revealed without their information.
• One of the major reason which was left forgotten during the whole issue is the outsourcing company which aids the company in continuing its activities. The most of the important information of the company were also transferred to the outsourcing company to manage the actions of the company from their end. But there was a possibility of cyber-crime from their end, so the company took the initiative to inspect the outsourcing company and its employees as well. Further, the process of passing on the information to the outsourcing company is now done my surveillance
• Also notice was issued to all the customer and visitors of the company to change their id password and secure it with access code so that no personal information is leaked in public without their permission (McGregor 2014).
• I appointed qualified software designers to manage the activities of the company and develop new and efficient database which shall secure the data of the company and is typical for the hackers to hack.
• A preventive action plan was formed analyzing the crisis faced by the company along with concerning ethical and technical issues; which the company shall comply. This action plan would be followed by all. The plan would also scrutinize the activities of the employees as well.
• A framework and procedure shall be defined on the website as well discussion the issue so that the employees shall also be aware of the cyber-crime activities. Further, the cyber ethics compliance certificate shall also be posted on the web page so that all the government regulations are also complied (Parliament of Australia 2017).

Conclusion

Concluding to the above report, the XYZ company face the cyber-crime due to which all the financial and price sensitive information of the company and its customers was theft and misused. Further the company took preventive actions to cope up with the situation and manage to keep the interest of stakeholders in the business only. Thus, the company initiates strict action plan under the surveillance of manager so that the company doesn’t face the cyber-crime crisis again. Also, all the legal and governance regulations complied in order to avoid penalties.

References

Ablon, L., Libicki, M.C. & Golay, A.A., 2014. Markets for cybercrime tools and stolen data: Hackers’ bazaar. Rand Corporation.

Aggarwal, P., Arora, P. & Ghai, R., 2014. Review on cyber crime and security. International Journal of Research in Engineering and Applied Sciences, 2(1), pp.48-51.

Ali, N.I., Samsuri, S., Sadry, M., Brohi, I.A. & Shah, A., 2016, November. Online Shopping Satisfaction in Malaysia: A Framework for Security, Trust and Cybercrime. In Information and Communication Technology for The Muslim World (ICT4M), 2016 6th International Conference on (pp. 194-198). IEEE.

An Australian Government initiative, 2017, ACORN, viewed on august 4, 2017 from https://www.acorn.gov.au/

McGregor, J., 2014, The Top 5 Most Brutal Cyber Attacks Of 2014 So Far, viewed on august 4, 2017 from https://www.forbes.com/sites/jaymcgregor/2014/07/28/the-top-5-most-brutal-cyber-attacks-of-2014-so-far/#486ba02b134d

Morris, C., 2016, Digital warfare heats up, viewed on august 4, 2017 from https://www.cnbc.com/2016/07/07/10-high-profile-cyberhacks-still-impacting-consumers-today.html#slide=1

Parliament of Australia, 2017, House of Representative Committees, viewed on august 4, 2017 from https://www.aph.gov.au/parliamentary_business/committees/house_of_representatives_committees?url=coms/cybercrime/report/chapter5.htm

Rotich, E.K., Metto, S.K., Siele, L. & Muketha, G.M., 2014. A Survey on Cybercrime Perpetration and Prevention: A Review and Model for Cybercrime Prevention. European Journal of Science and Engineering, 2(1), pp.13-28.

Williams, M.L. & Levi, M., 2017. Cybercrime prevention. Handbook of Crime Prevention and Community Safety, p.454.