Irias \1
Running head: The Cost of Inadequate Controls
Assignment 2: The Cost of Inadequate Controls
CIS560: Security Access and Control Strategies
Data breaches are a preventable part of security management. What is important to
realize is that while they can still occur with quality controls, the real measure is how fast these
, Irias2
The Cost of Inadequate Controls
breaches can be resolved. In the IT industry, speed involves the availability of resources and
point of discovery. Adding the necessary items and routers despite the budget cut is critical to the
infrastructure and will drive future recovery results. We want the recovery results to drive in the
right direction. With a small budget, the LOTR experience should make every effort to develop
the network.
We learned with the initial analysis that the LOTR experience shares their network across
a few departments. There is a lack of controlled access protocols. This creates two issues: there is
an easier way for hackers to reach a higher volume of accounts. Because of this, there is an
inability to track users and transactions from an audit standpoint. There is over privilege in the
system, and without proper training the employees can probe around the network without
consequence. Without monitoring the probing that occurs, we are not taking into account the
amount of entry points we have for breaches.
Annual Loss of Revenue
When it comes to cost of data breaches, there is more to it than just cost to repair. “Over
the past few years, privacy incidents have been announced frequently enough to question
whether organizations have the necessary incentives to safeguard consumer information.”
(Acquisti, Friedman, &Telang 2006) Organizations must consider the impact of the market value
of the company as these incidents are announced. The way in which they are announced also
must be taken into account.
There is payback associated in two different categories for data breaches. Sales, revenue,
and profitability are all impacted but also stock value. “In the case of Choicepoint, after
involuntary allowing criminals to access over 163,000 consumer credit reports, the company was
forced to pay a $15 million in penalties…” (Acquisti et. Al 2006) Choicepoint’s revenue that
Running head: The Cost of Inadequate Controls
Assignment 2: The Cost of Inadequate Controls
CIS560: Security Access and Control Strategies
Data breaches are a preventable part of security management. What is important to
realize is that while they can still occur with quality controls, the real measure is how fast these
, Irias2
The Cost of Inadequate Controls
breaches can be resolved. In the IT industry, speed involves the availability of resources and
point of discovery. Adding the necessary items and routers despite the budget cut is critical to the
infrastructure and will drive future recovery results. We want the recovery results to drive in the
right direction. With a small budget, the LOTR experience should make every effort to develop
the network.
We learned with the initial analysis that the LOTR experience shares their network across
a few departments. There is a lack of controlled access protocols. This creates two issues: there is
an easier way for hackers to reach a higher volume of accounts. Because of this, there is an
inability to track users and transactions from an audit standpoint. There is over privilege in the
system, and without proper training the employees can probe around the network without
consequence. Without monitoring the probing that occurs, we are not taking into account the
amount of entry points we have for breaches.
Annual Loss of Revenue
When it comes to cost of data breaches, there is more to it than just cost to repair. “Over
the past few years, privacy incidents have been announced frequently enough to question
whether organizations have the necessary incentives to safeguard consumer information.”
(Acquisti, Friedman, &Telang 2006) Organizations must consider the impact of the market value
of the company as these incidents are announced. The way in which they are announced also
must be taken into account.
There is payback associated in two different categories for data breaches. Sales, revenue,
and profitability are all impacted but also stock value. “In the case of Choicepoint, after
involuntary allowing criminals to access over 163,000 consumer credit reports, the company was
forced to pay a $15 million in penalties…” (Acquisti et. Al 2006) Choicepoint’s revenue that
