Zappos is the world's leading online store selling women's men's, and children's shoes and accessories, and was recently sold by founder and CEO Tony Hsieh to Amazon.com for $800 million (Hsieh, 2010)
Lessons Learned From Zappos' Security Breach in January, 2012 On January 16, 2012 Zappos' experienced its first major security breach through a compromised server at its recently opened Kentucky Distribution Center, with an experienced hacker gaining access to potentially 24 million customer records. The Zappos' internal ordering systems had encrypted passwords for safety as part of its basic architecture, yet the last four digits of credit cards, complete customer histories and contact information were all compromised (Letzing, 2012)
com for $800 million (Hsieh, 2010). As part of the sales of this massive website and online business, Tony Hsieh successfully negotiated to retain control over the logistics, supply chain and innovative approaches to warehouse management that drastically reduces the time to complete an order (McDonald, 2011)
Both types -- qualitative and quantitative -- have their advantages and disadvantages. One of the most well-known of the quantitative risk metrics is that that deals with calculation of annual loss expectancy (ALE) (Bojanc & Jerman-Blazoc, 2008)
The difference between models and metrics is that whilst models provide measurements at a single point in time of discrete factors, metrics are the derivation of comparisons of two or more measurements taken over a period of time. Models, in other words, come as a result of counting, whilst metrics are generated by analysis or stated still another way; measurements are raw digits and facts whilst metrics are objective or subjective interpretations of these data points (Chowdhary & Mezzeapelle, n
Security breaches can occur either because of defective software designs, bad configurations of systems, defective communication protocols, lack of awareness of security procedures or recklessness, improper procedures, and so forth (Pedro & Ashutosh, 2010)
Considering that he is a spokesman for Gawker really says it all. This upstart company seeks to profit from tech voyeurism and has the gall to thumb their nose at responsible party's who has made good faith efforts to guard their clients' privacy agaist just such stupidty (Tate, 2010, June 10)
Considering that he is a spokesman for Gawker really says it all. This upstart company seeks to profit from tech voyeurism and has the gall to thumb their nose at responsible party's who has made good faith efforts to guard their clients' privacy agaist just such stupidty (Tate, 2010, June 10)
Apple, who is known for having exceptional control and expertise in their new product development process, failed to coordinate and collaborate effectively with their service partner, AT&T on the launch of the iPad, and a massive security hole was found (Ante, Worthen, 2010). From this perspective, Goatse is actually doing the public a very big service as Apple would go on to sell over 1 million units in the first 28 days of the product being available (Carr, 2010)
In arguing in favor of computer hacking as an ethical corporate strategy for computer security firms, the following several points need to be kept in mind. First, hacking is pervasive and the majority of it is originating outside the United States, including Russia, Ukraine, China and throughout Southeast Asia (Dwyer, 2009)
Today, through its Veterans Health Administration (VHA), the Department of Veterans Affairs (VA) is the largest healthcare provider in the United States, and millions of veteran patients receive care from its nationwide network of medical centers, outpatient clinics and Vet Centers. In recent years, the VA has committed itself to improving the quality of patient care it provides by implementing a wide range of technological solutions, including electronic healthcare records and a sophisticated communications system (Boyer, 2011)
216). Some authorities, though, maintain that so-called "cybercrimes" are simply conventional crimes being committed in a new medium (Brenner, 2007)
The VA has notified and offered credit protection to all 7,054 veterans in the database. VA says the type of security flaw was one that could have exposed veterans' data, including name, address, dates of birth, phone numbers and VA patient identification number, via the Internet (Contractor security flaw puts data of 7,000 veterans at risk, 2014, para
6). The June 2014 congressional hearing also uncovered the fact from two VA officials that the VA has been hacked numerous times by foreign actors since March 2010 (Gusovsky, 2014)
Indeed, even the VA concedes that the steps that it has taken to date have not solved the data security problem. According to a Federal Information Security Management Act for Fiscal Year 2014, "VA has made progress developing policies and procedures but still faces challenges implementing components of its agency-wide information security risk management program" (Halliday, 2015, p
28). It is estimated that the costs of cybercrime each year top $400 billion (Inan & Namin, 2016)
4). Mismanaged software update (January 15, 2014) This breach occurred when a bungled software update to VA's eBenefits system exposed at least 5,300 veterans' medical and financial information to the public (Konkel, 2014)
4). Mismanaged software update (January 15, 2014) This breach occurred when a bungled software update to VA's eBenefits system exposed at least 5,300 veterans' medical and financial information to the public (Konkel, 2014)
4). Computers donated contained patient data A report concerning discarded hard drives and disk sanitization practices revealed that in August 2002 the United States Veterans Administration Medical Center in Indianapolis sold or donated 139 of its computers without removing confidential information from their hard drives, including the names of veterans with AIDS and mental illnesses (Matwyshyn, 2009, p
It also asked them to require remote users to reauthenticate themselves after 30 minutes of inactivity. In addition, the VA breach resulted in more focus on securing remote systems via the use of endpoint network admission control tools to ensure that any system logging into a network has adequate antivirus and firewall protections, has all the mandated configurations settings and is properly patched (Vijayan, 2007, para