Research an information security breach in the last five years of a publicly traded company (include the stock symbol and please focus on an American stock exchange). The breach must be ANNOUNCED within the last five years (hint, Target is off the table), but you probably want to look at least one year back (i.e.. early 2018 and before) to ensure you have enough data to go on. Grading will be scored based on the grading rubric for case studies (page 10 of the syllabus). In this case study, you must:
Explore the cause of the breach. You should look at the firm’s public statements about the breach to determine their disclosure on the cause of the breach.
Explore the impact of the breach.
How much money was reserved in their SEC filings as a disclosure to investors about the breach? Did executives lose their jobs?
Did they have to settle any lawsuits (Look in Lexis Nexis for hints here).
Discuss one control (look at SP800-53 or PCI DSS if it is a payment card breach) that was not in place, and fill out the appropriate Assessment Objective table as you did for Case Study 2 (only do ONE control). Make a recommendation to management of 1-3 steps the company can take to ,hnnct Chair rnmnlianro and
security programs to prevent another breach like this one. as well as improve
Sample Solution
