Answer 2 questions:
1. How should Roberts respond to the reporter’s phone call?
2. Analyse BookMart’s current information systems security policies and procedures. Why and how did this breach occur?
CASE SYNOPSIS/ OVERVIEW In July 2004, Joseph Roberts, the general manager of BookMart, a major online book, movie and CD store based out of Toronto, Ontario, Canada, was struggling to manage a serious breach of the company’s information systems, which jeopardized both the company’s reputation and its ability to provide service to its customers. Roberts had to identify how and why this breach occurred, develop a plan to ensure the firm minimized its risk against possible future attacks and determine how to manage the media surrounding this immediate incident. (A) CASE Assignment Questions 1. How should Roberts respond to the reporter’s phone call? 2. Analyse BookMart’s current information systems security policies and procedures. Why and how did this breach occur? Factors To Be Considered for your analysis -- Issues -- Objectives -- Media Response Analysis -- Implications from Media Response Analysis -- Current Information Systems Security Policies and Procedures Analysis (Pros and Cons) -- Implications From Current Information Systems Security Policies and Procedures Analysis -- Minimizing Risks -- Action Plan -- OTHER CONSIDERATIONS -- POINTS TO REMEMBER 1. The situation facing BookMart is one any firm to find itself in, and is a situation that naturally arises with any systems integrations. Protecting an organization’s data and information needs to be of utmost concern to today’s organizations, but even the best security measures are no guarantee against an attack. 2. Information security is a process and, to be effective, it must be embedded within the organizational. 3. The goal of information security is to minimize a firm’s risk against a possible attack and to have a plan of action to deal with a breach of security when it occurs (it’s not ‘if,’ it’s ‘when’). Suggested Readings Please consult the CSI/FBI’s Computer Crime and Security Survey reported annually by the Computer Security Institute in collaboration with the San Francisco Federal Bureau of Investigation’s Computer Intrusion Squad. Free downloadable PDF versions of the report are available (with registration) at www.gocsi.com. Also, Deloitte Touche Tohmatsu’s Global Financial Services Industry reports an annual Global Security Survey can be found and downloaded from www.deloitte.com/gfsi. To accompany this case, students might be directed to read the following prior to the class. 1. For an overview of the elements of a corporate network (including wireless access, PCs, storage networks, mobile devices, internal and external servers, and routers), the security risks they pose and steps to address these risks, see the brief article “Security By Design” written by the IT Business Staff of itbusiness.ca, June 2004; http://www.itbusiness.ca/index.asp?theaction=61&sid=56144&adBanner=Security 2. Dawn Kawamoto, “The Weakest Security Link? It’s You,” CNetnews.com, July 22, 2004. http://news.com.com/The+weakest+security+link%3F+It%27s+you/2100-7355- 5278576.html?part=dht&tag=ntop George V. Hulme, “Data Breaches Relentlessly Threaten Customer Trust,” Securitypipeline.com, May 3, 2004. http://www.securitypipeline.com/showArticle.jhtml?articleID=19400158