Is Sonys Approach To Security Flawed

Published Date: 02 Nov 2017

Information security is cyber security that enables organisations to protect or defend its information and information systems from unauthorised use, access, disruption, modification or disclosure. As organisations have a large amount of data systems are subject to many threats and with many threats information is in danger of being exposed. Examples of these common threats are viruses, hackers, cybercrime, poor management, human error and lack of knowledge/awareness. In every organisation whether it be a private business or school network makes use of Information security. "Information is an asset that, like other important business assets, is essential to your business and consequently needs to be suitably protected" according Sense of Security, who are IT Security & Risk Management Experts. Information security is especially important whereas there has been fast increase in the "interconnected business environment." This is where material is exposed to a large and growing number of clients therefore more exposed to a wider variety of threats and vulnerabilities. So it can be said that Information security is important as it has a responsibility to protect information and information asserts where from that an organisations having consistent security practices and IT maintenance procedures ensures a smooth road for business operations.

What are the different types of information security companies apply to combat security threats?

The three major types of information security that companies apply in order to protect their information assets are Controls, also known as countermeasures. The three controls are physical controls, access controls and communication controls;Illustration showing how the programs that you haven't allowed into your computer are blocked by a firewall

Physical Control: This control prevents the access of unauthorized individuals entering the company’s facilities. Examples of physical controls are such things like walls, doors, gates, locks, fencing, security guards and alarm systems. As well as basic there are sophisticated physical controls such as motion sensors, temperature sensors, inferred sensors and pressure sensors. A weakness of physical of physical controls is that they become a disturbance to employees.

Access Control: This control protocol restricts unapproved people from using resources. Access controls have two major functions, one is Authentication. Authentication deals with the determination stage of the identification of the person trying to gain access. An example of such a control is "established through the use of biometrics." (Management Information Systems) The other major function is Authorization, after a person in identified in the authentication function. Authorization determines which "actions, rights, or privileges the person has, based on verified identity."

Communication Control: These types of controls secure and control the movement of data across a network or multiple networks. Communication controls consist of anti-malware systems, firewalls, secure socket layer, virtual private networking and whitelisting and blacklisting. A Firewall is a system or hardware that examines specific type of information from moving from the "internet or a untrusted network" (Windows Microsoft) and with a Firewall it can block or allow it pass depending on the settings of that firewall. A Virtual private network (VPN) is a private network technology that enables to create a secure public network to connect over the internet or a private network owned by a service provider. VPN’s are named "virtual" because they have "no separate physical existence" (Management Information Systems)

Question 3: Use the Australian Information Privacy Act (2000) Schedule 1 ‘Information Privacy Principles’ to define ‘sensitive information’ and Section 3 to define ‘personal privacy’. (100 WORDS)

HINT: Use http://www.austlii.edu.au/au/legis/vic/consol_act/ipa2000231/sch1.html

 ‘Sensitive information’ is a sub-set of personal information defined in the Privacy Act to mean information or an opinion about an individual’s political opinions, religious beliefs or affiliations, racial or ethnic origin, membership of a political association, philosophical beliefs, membership of a professional or trade association, sexual preferences or practices, membership of a trade union or criminal record. ‘Sensitive Information’ also includes health data.

Personal Privacy: "... information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

Personal privacy is information that can identify you or could be used to identify you. The personal information can also include medical accounts, bank account details, photos, videos, your opinions and where you work. In conclusion it can be any information where you are reasonably identifiable.

Question 4: What are the victim impacts of identity theft? (100 WORDS)

The victims of identity theft get little to no help from authorities within our society. Authorities mostly don’t have the time, the staff nor the resources to investigate each and every single crime that happens as there is just too much identity theft occurring for them to handle each case. The 'aftermath' that the victim has to go through is endless. It could include them taking time of work- it could be days, a week or even weeks after the identity theft has taken place. Victims have to make endless amounts of necessary phone calls, write letters, and also notify authorities which some say what for? The effects are not only short-term but long-term. Victims are often scarred emotionally. They feel violated and helpless -- and very angry. They are unable to rent an apartment, get a job, qualify for a mortgage, buy a car, all because someone has stolen their true identity. Essentially the entire burden of this crime is placed on the poor and vulnerable victim.

Assignment – Part B

Sony case study analysis using Toulmin’s Model of Argument (600 WORDS)

Use the Table provided for your answers.

Claim Implied (Fact)

Claim

Is Sony’s approach to security flawed?

Data

There are "77 million people who have accounts on Sony Electronic’s PlayStation Network"

"1.15 million PlayStation owners in Australia of which 65% are connected to the network"

"Disabled six days ago yet account holders were only made aware of the breach when Sony notified the media"

"Only become apparent on Tuesday after four days after of investigation by an external security firm."

Warrant

Rebuttal

"A Sony Computer Entertainment Australia spokesman said the company

‘responded quickly and are behaving responsibly". However, this is the exact opposite of what actually took place. Sony ‘embroiled’ itself in one of the "world’s largest privacy breaches" as not only did the ‘security breach’ become apparent four days after the investigation but also the ‘breach’ wasn’t even revealed to its loyal and faithful consumers by Sony but by an external security firm. Thus, the organisation truly dug itself in a little grave because in any crisis it is fundamental that the company relays what has happened to its customers directly from the mouth of the spokesperson first and foremost.

Qualifier

Your Opinion

There are many strengths to this argument 1) all the statistics which are utilised to convey the evidence that "Gamers’ details [have been] stolen in Sony security breach"; 2) how the writers of this article juxtapose Sony’s spokesman with facts against their claim that the company "responded quickly and are behaving responsibly"; 3) this argument has increased awareness that something needs to be done about security breaches in the future in particular by creating an Australian Law about the matter and 4) the argument was easy to read and easy to grasp the main contentions that the author was trying to put forth in the reader’s mind. The weakness this argument depicts is by not showing an even ‘playing field’. Only once is Sony’s point-of-view on that matter heard from and that quote was debunked by the authors immediately with the supporting evidence against its claim. All in all the effectiveness of this argument is highly persuasive. The ‘data’ provided in this argument purely backs up the ‘claim’ put forth by the authors.

Bibliography Reference List:

List full references used (only) in alphabetical order by Author Surname.

Byrne, Ron. "Information security." Contract and permanent staff - Australia - Technical writers, Business Analysts - HCi Professional Services. Web. 29 Mar. 2013. <http://www.hci.com.au/hcisite3/journal/Information%20security%20iceberg%20or%20tip.htm>.

"Information Privacy Act 2000 - SCHEDULE 1." Victorian Consolidated Acts. Web. 5 Apr. 2013. <www.austlii.edu.au/au/legis/vic/consol_act/ipa2000231/sch1.html>.

"Information Systems Manual." Department of Defence Intelligence and Security. Web. 11 Apr. 2013. <www.dsd.gov.au/publications/Information_Security_Manual_2010.pdf>.

Rainer, Kelly, and Hugh Watson. Management Information Systems . USA: John Wiley & Sons, Inc., 2010. Print.

"Sensitive information." Business Dictionary. Web. 13 Apr. 2013. <www.businessdictionary.com/definition/sensitive-information.html#ixzz2PXrVs0Uf >.

"What is Privacy." Australian Government Office of the Australian Information Commissioner. Web. 21 Apr. 2013. <www.privacy.gov.au/aboutprivacy/what >.

"What is VPN." What is my IP address. Web. 2 May 2013. <whatismyipaddress.com/vpn>.

"What is a firewall?." Microsoft Windows. Web. 2 May 2013. <http://windows.microsoft.com/en-au/windows-vista/what-is-a-firewall>.

"Why is Information Security Important ." Sense of Security. Web. 15 Apr. 2013. <www.senseofsecurity.com.au/articles/information-security >.