Homework

profileGwadys
M06SMALLGROUPASSIGNMENTSECURITY.docx

Guidelines:

1. This is assigned as a small group assignment.

2. Submit an original work addressing the topic and questions provided and other relevant factors you may think of beyond the questions provided here.

3. No title page is required.  Provide your name(s), the course and section number, and date in the header of the first page and subsequent pages.

4. If you use material from outside sources (i.e. the Internet), be sure to cite the source in the body of the paper where you use the information and provide an APA-style reference at the end of the paper.

5. The expected word count is 400-500 words, excluding the information in the header and any references.

6. A plagiarism checker is used, so be sure to cite and reference any outside source material.

7. You are writing with a professional audience in mind, so be sure to use a professional tone.  Do not use a familiar tone as you might use when discussing this with a friend.

Security Consultant Suffers Cyberattack

AACSB Standard:  Global, Data Protection

Deloitte is one of the biggest professional services companies in the world based on both revenue ($38.8 billion in 2017) and number of professionals (over 263,000). It provides audit, tax, management consulting, financial advisory services, and cybersecurity guidance to over 85 percent of the Fortune 500 companies and more than 6,000 private and middle market companies around the world. Its global headquarters is in New York.

In April 2017, the company discovered that its global email server had been hacked starting six months earlier. The hackers gained access to the system through an administrative account that granted them privileged, unrestricted access to all areas. Apparently, the account required just a single password and did not have two-step verification.

Deloitte offers its clients advice on how to manage the risks posed by sophisticated cyberattacks. It also operates a CyberIntelligence Center to provide clients with around-the-clock business focused operational security. In 2012, Deloitte was ranked the best cybersecurity consultant in the world. The firm earns a portion of its $12 billion a year in consulting fees from these services. The breach was a deep embarrassment for the firm.

The use of email is interwoven into the operational fabric of the modern organization and is used to communicate all sorts of sensitive information—new product plans, marketing strategies, merger and acquisition tactics, product designs, patent data, copyrighted material, and trade secrets. The server that was breached contained the emails of some 350 clients including the U. S. State Department, Department of Homeland Security, Department of Defense, Energy Department, and the U. S. Postal Service. Also compromised were the emails of the United Nations, National Institute of Health, and housing giants Fannie Mae and Freddie Mac, plus some of the world’s biggest multinationals. In addition to emails, the hackers had potential access to usernames, passwords, and IP addresses.

Initially Deloitte kept the breach secret electing to inform only a handful of senior partners, six clients the firm knew to have been directly impacted by the attack, and lawyers at international law firm Hogan Lovells. The Washington- based firm was retained to provide legal advice and assistance about the potential fallout from the hack.

Deloitte formed a team consisting of security analysts and experts from both within and outside the firm to conduct a formal inquiry to the breach. The goals were to understand how this happened, assess the scope of the incident, determine what the attacker targeted, evaluate the potential impact to clients, and determine the appropriate cyber-security response. After six months elapsed time, the team determined that the attacker was no longer in the email system, ascertained that there had been no business disruption to any of its clients, and recommended additional steps to enhance Deloitte’s overall security. The team was unable to determine whether a lone wolf, business rivals, or state-sponsored hackers were responsible.

The attack illustrates that any organization can fall prey to a cyberattack—even those whose specialty is to stop them.

Critical Thinking Questions

1. Identify what you believe to be the area of most severe consequences for Deloitte—direct impact, business disruption, recovery, legal, or reputation. Justify your response.

2. How would you evaluate Deloitte’s response to this cyberattack? What did they do well? Where could they have done better?

3. Identify the three highest priority changes that need to be made to the Deloitte security program.

Sources: Brian Krebs, “Deloitte Breach Affected All Company Email, Admin Accounts,” Krebs on Security, September 17, 2017, https:// krebsonsecurity.com/2017/09/source-deloitte-breach-affected-allcompany- email-admin-accounts; “Deloitte Statement on Cyber-Incident,” September 25, 2017, https://www2.deloitte.com/global/en/pages/ about-deloitte/ articles/deloitte-statement-cyber-incident.html; “Here’s How Many Deloitte Clients were Impacted by Hacking,” Fortune, October 10, 2017, http://fortune.com/2017/10/10/deloitte-clientshacking; Nick Hopkins, “Deloitte Hit by Cyber-Attack Revealing Clients’ Secret Emails,” The Guardian, September 25, 2017, https://www .theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing- clients-secret-emails; and “Key Facts About the Deloitte Email Cyber-Incident,” Deloitte, October 6, 2017, https://www2.deloitte.com/ content/dam/Deloitte/global/Documents/About-Deloitte/gx-FactsSheetforGlobalWebsite- cyber-attack.pdf.

Submitting your Assignment

1. Click the  Submit Assignment button.

2. Click the  Choose File button and upload your file.

3. Click the  Submit Assignment button to submit.

Rubric

Writing Rubric Template

Writing Rubric Template

Criteria

Ratings

Pts

This criterion is linked to a Learning OutcomeFocus

10 to >9.0 pts

Exceeds Expectations

All required components of the assignment are complete or go beyond requirements. The focus on the assignment directly aligns with the prompt and is appropriately narrow for the scope of the assignment.

9 to >7.0 pts

Fully Meets Expectations

All required components of the assignment are complete. The focus on the assignment mostly aligns with the prompt, with some minor sidesteps. It may be narrow enough for the scope of the assignment, but at times is too broad or vague.

7 to >4.0 pts

Somewhat Meets Expectations

Some required components of the assignment are not complete. The focus on the assignment somewhat aligns with the prompt, with sidesteps. It is often too broad, hesitant to directly address the question, for the scope of the assignment.

4 to >0 pts

Does Not Meet Expectations

Many of the required components of the assignment are not complete. The focus on the assignment hardly aligns or does not align with the prompt, with major sidesteps, and is too broad or vague, not directly addressing the question.

10 pts

This criterion is linked to a Learning OutcomeContent

10 to >9.0 pts

Exceeds Expectations

The work demonstrates that the student fully understands and has applied concepts learned in the course. Concepts are integrated into the writer’s own insights. The writer provides concluding remarks that show analysis and synthesis of ideas.

9 to >7.0 pts

Fully Meets Expectations

The work demonstrates that the student, for the most part, understands and has applied concepts learned in the course. Some of the conclusions, however, are not supported in the body of the paper.

7 to >4.0 pts

Somewhat Meets Expectations

The work demonstrates that the author, to a certain extent, understands and has applied concepts learned in the course, but is missing important connections or misunderstanding some aspects of the content.

4 to >0 pts

Does Not Meet Expectations

The work does not demonstrate that the student has understood and applied concepts learned in the course.

10 pts

This criterion is linked to a Learning OutcomeOrganization

10 to >9.0 pts

Exceeds Expectations

Writing shows high degree of attention to logic and reasoning of main points. Unity clearly leads the reader to the conclusion and stirs thought regarding the topic.

9 to >7.0 pts

Meets Expectations

For the most part, the work ties together information smoothly with an understanding of connections. Paper flows with only some disjointedness, but ultimately follows logical idea sequences and patterns.

7 to >4.0 pts

Somewhat Meets Expectations

Sometimes ties together information from all sources. Paper does not flow - disjointedness is apparent. Author's writing does not demonstrate an understanding of the relationship among material obtained from all sources.

4 to >0 pts

Does Not Meet Expectations

The work does not tie together the knowledge learned in the course. It does not flow and appears to be created from disparate issues. Writing does not demonstrate understanding any relationships between ideas.

10 pts

This criterion is linked to a Learning OutcomeDevelopment

10 to >9.0 pts

Exceeds Expectations

Exceptionally well- presented and argued; ideas are detailed, well- developed, supported with specific evidence & facts, as well as examples and specific details.

9 to >7.0 pts

Meets Expectations

Well-presented and argued; ideas are mostly detailed, developed and supported with evidence and details, mostly specific.

7 to >4.0 pts

Somewhat Meets Expectations

Main points are present but not particularly developed or supported; some evidence, but usually of a generalized nature.

4 to >0 pts

No Marks

Main points lack detailed development. Ideas are vague with little evidence of critical thinking.

10 pts

This criterion is linked to a Learning OutcomeConventions & Grammar

5 to >4.0 pts

Exceeds Expectations

No spelling or grammar mistakes.

4 to >3.0 pts

Meets Expectations

Minor spelling & grammar mistakes that do not impede the flow and comprehension of the work.

3 to >2.0 pts

Somewhat Meets Expectations

Noticeable spelling & grammar mistakes that somewhat impede the flow and comprehension of the work.

2 to >0 pts

Does Not Meet Expectations

Unacceptable number of spelling and/or grammar mistakes. The mistakes severely impede the flow and comprehension of the work.

5 pts

This criterion is linked to a Learning OutcomeFormatting & Citations

5 to >4.0 pts

Exceeds Expectations

The work is formatted according to directions. It is professionally presented with clear organization. Outside sources are properly cited with no errors.

4 to >3.0 pts

Meets Expectations

The work is mostly formatted according to directions. It is professionally presented with minor questions about organization. Outside sources are cited with minor errors.

3 to >2.0 pts

Somewhat Meets Expectations

The work is somewhat formatted according to directions with obvious inconsistencies. It lacks a professional presentation or clear organization. There is an attempt to cite outside sources, but with many errors.

2 to >0 pts

Does Not Meet Expectations

The work is not formatted according to directions or lacks formatting altogether. It lacks a professional appearance. Outside sources are not cited or contain major errors or misleading information.

5 pts

Total Points: 50