2
Application of Cyber Principles
Jacob Brumit
Southern New Hampshire University
2023TW5
Application of Cyber Principles
Transunion is a global insights and information company with operations in over thirty countries with over twelve thousand associates. It is one of the largest credit agencies around the globe serving more than one billion customers every year, with over twenty percent of them being in the United States. This company is proud of its motto of making trust possible so that consumers and businesses can confidently execute their processes while achieving great things. Transunion has a huge information system and network infrastructure with servers worldwide. One such server is the one run by their South African division. In August 2022, Transunion’s South African division experienced a data breach that affected millions of customer records. A hacker group called N4aughtysecTU based in Brazil breached Transunion’s server operated by the South African division and gained access to sensitive and personal data on its customers (Kovacs, 2022). The hackers got away with millions of records comprising customer names, social security numbers, license numbers, bank account numbers, and phone numbers, among others. This sensitive data was gained through the compromised login credentials of one of the company’s customers. Transunion South Africa ad to take most of the information systems infrastructure offline while they investigated the sources of the data breach.
The hackers claimed to have compromised a customer account with a password “password” to gain access to data on the company’s server. The hacker group also tried to extort Transunion South Africa by requesting fifteen million dollars in cryptocurrency in exchange for not releasing compromised data. The group also threatened to access company customers with financial demands for their data. However, the organization chose not to pay the ransom. This case is one of the many that prove the need and importance of cybersecurity principles. Unfortunately, the digital and interconnected nature of the cyberinfrastructure, although advantageous for organizations, has cyber criminals with new opportunities for crime. Cybersecurity practices and principles are meant to counter these opportunities while allowing secure web-based activities and transactions (Gupta, 2018). Any organization needs a secure information technology infrastructure to maintain business transactions regardless of its operation sector. With the right cybersecurity, an organization can protect itself and its sensitive systems from cybercrime. Cybersecurity principles are meant to address weaknesses and vulnerabilities in networks and computers. Cyber laws include any rule or registration that applies to web-based technologies and the internet. These principles are for organizations, including Transunion, to achieve cybersecurity effectively. Several cybersecurity principles can be implemented, but the major ones include network security, secure configuration, continuous monitoring, password management, risk management, incident management, and user education and awareness. These principles aim to maintain the confidentiality, integrity, and availability of information, data, and systems.
Risk assessment and management are vital in ensuring the cyber security of company data and information systems. A risk management plan must be set up, comprising applicable practices and policies. This risk management plan should be supported by an information technology governance structure that is strong and with expertise. Secure configuration of information systems and networks is also important to ensure cyber security. Networks and information systems should be well configured to counter attacks and maintain security. Secure password management is another vital principle for any organization with information system infrastructure. Passwords are vital as they are the key to sensitive company systems (Gupta, 2018). As such, it is necessary to ensure that passwords used in company systems and networks are strong and secure and are hard to crack or compromise. The data breach at the Transunion South Africa division occurred dues to a weak password used by a customer accessing company systems. The default password of the user account had not been changed and was, therefore, easy for the hackers to compromise. There is a need for an organization to enforce strong password policies and ensure that all system users, including employees and customers, adhere to set guidelines.
System and network users and employees are vital to maintaining company security and safety. If system end-users are not aware of cyber security policies and practices defined and set by the company, cyber security is hard to achieve and maintain. End users and employees need to be provided with cyber security awareness, with regular training to ensure they are aware of company policies and security threats that may lead to data breaches. Security professionals and information technology staff need to be highly trained to be ready to combat any arising security issues or breaches. Further, a security incident and event management solution must be implemented to ensure the organization can counter cybersecurity incidents (Gupta, 2018). These policies must support organization processes while ensuring security across all endpoints, endpoints in motion, and at rest. Additionally, monitoring solutions and plans must be implemented to help the organization have a complete view of its security posture. The monitoring strategy can also create another security layer when breaches have passed by company prevention and detection systems. This solution will monitor all outgoing and incoming traffic while integrating with logs from security mechanisms. Indeed, cyber law and security principles are vital to ensure the safe operation of company systems and networks.
References
Gupta, B. B. (Ed.). (2018). Computer and cyber security: principles, algorithm, applications, and perspectives. CRC Press.
Kovacs, E. (2022, March 18). Transunion confirms data breach at South Africa Business. SecurityWeek. https://www.securityweek.com/transunion-confirms-data-breach-south-africa-business/
The post 2 Application of Cyber Principles Jacob Brumit Southern New Hampshire University 2023TW5 appeared first on essayfab.