Scribd
Upload
31 views1 page

Case Study Chapter 5 Page 95 Lost Hard Disk at ISM: 1. What Were The Procedural Shortcomings That Led To This Event?

The document summarizes a case study involving the lost hard disk of a discontinued computer at an information systems management (ISM) company. The disk contained personal data and was not handled according to normal security procedures that would have required immediate destruction or reformatting of the disk. Proper encryption of data also was not implemented. Security protects private personal information from disclosure and abuse such as identity theft. The greater concern in this case was the lack of security procedures rather than the outsourcing of services, as outsourcing does not necessarily reduce security when the provider has effective controls.

Uploaded by

ELIE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
31 views1 page

Case Study Chapter 5 Page 95 Lost Hard Disk at ISM: 1. What Were The Procedural Shortcomings That Led To This Event?

The document summarizes a case study involving the lost hard disk of a discontinued computer at an information systems management (ISM) company. The disk contained personal data and was not handled according to normal security procedures that would have required immediate destruction or reformatting of the disk. Proper encryption of data also was not implemented. Security protects private personal information from disclosure and abuse such as identity theft. The greater concern in this case was the lack of security procedures rather than the outsourcing of services, as outsourcing does not necessarily reduce security when the provider has effective controls.

Uploaded by

ELIE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

Case Study Chapter 5 page 95

Lost Hard Disk at ISM


Case Summary:

Questions:

1. What were the procedural shortcomings that led to this event?

Normal security procedures would involve strict handling of the discontinued disk, with
requirements that it be immediately destroyed or reformatted in a controlled manner such that the
data could not possibly be recovered by a new user. This would require strictly enforced policies
as to the physical handling of disks in these circumstances. One of the key methods of protecting
the data is to ensure that it is encrypted; if someone steals the physical disk or computer, they
cannot read the data without having access to the encryption key. It appears that these procedures
were not observed.

2. Why is security so important to the maintenance of privacy of personal data?

Security protects private personal information against disclosure and abuse. In the context of this
case, it is a key countermeasure against identity theft. Identity theft involves assembling enough
data about an individual from the internet and corporate databases to enable the perpetrator to
apply for credit in that person’s name, or otherwise use that identity for illegal purposes. Stolen
identities have been used to obtain credit cards, mortgages, passports, and birth certificates, and
arrange false marriages to obtain landed immigrant status.
3. Which was the greater concern in this case—lack of security or outsourcing?
Lack of security is the greater concern. Outsourcing does not necessarily involve a reduction of
security. In many cases it can lead to greater security if the entity chooses a well-run outsourced
service provider with effective security controls in place.

You might also like