Case Study 4

Sourabh Rawat
University of the Cumberlands
Mng Ethic & Soc Resp
Dr. Chase Betts
September 16, 2022

Many have been hit by data loss caused by various hacking groups and sophisticated insider attacks. These data thefts and losses are devastating and can cause irreparable harm to businesses (Daswani & Elbayadi, 2021). The administration was concerned about these contractors taking advantage of government systems and, specifically, the data collected by the contractors and the way it was used. The agency wanted to use this information and access the data to ensure the public had access to the data and to mitigate the risk of the information being compromised. All government contracts need to incorporate provisions for information security. All government contractors that provide services in the federal government are now required to conduct background checks on potential contract participants before contracting and, as a result, the number of people applying to work for the federal government has decreased dramatically (Ramakrishnan et al., 2022).

A Data Breach is a loss of property, personal information, or information that has a material impact on the company's ability to achieve objectives set out in the policy, the firm's reputation, the public's confidence in, and trust in the company, its competitors, suppliers, and customers or the system by which they are all identified, and other stakeholders (Fleury-Charles et al., 2022). This definition clearly refers to legal matters in that breaches of the data protection act in many countries are illegal and could be punished severely, up to imprisonment and heavy fines.

The Equifax Data Breach included data breach records, financial data, and call center records. The company also provided credit monitoring, fraud detection, and health and safety tools. These products are not offered with the data breach but are available through the Equifax Web site.
Some employees and the media were notified of the data breach, while other affected customers received notice via email, call center notices, or online postings (Wang & Johnson, 2018). The parties primarily affected by the Equifax data breach include the victims of the data breach; the primary business affected by the Equifax data breach is Experian, the provider of a personal credit report to approximately some million consumers in the United States. Experian and all third-party service providers are the secondary business affected by the Equifax data breach.

Information security experts say the number of security breaches over the past decade has been much higher than usual, but the majority of them have been from financial and healthcare companies.

1. There are many ways to go about defining a security breach. Clearly, if talking about something that was intentional, it probably was not an accident or anything like that. However, there are a lot of other definitions out there. It would have to be intentional but unintentional, or something that would not have been anticipated. It involves looking not only at the immediate aftermath of the breach but also at the long-term impact of the breach on the firm, its stakeholders, and the broader community (Gandhi, 2019). It may be that the executives did not understand the nature of the information that was being stolen. It may be that they took things literally. In any case, they should have taken the information seriously and reported the incident to the appropriate authorities. The second question is asking about the ethical standards and how they differ from the standards that apply to individuals who work in businesses.

2. Equifax is one of the world's largest credit reporting agencies.
By comparison, the breach that led to the discovery of the personal information of nearly some million Facebook users, and a massive attack on Twitter, appears to be the largest of its kind (Wang & Johnson, 2018). The Equifax data breach began to snowball, revealing that the credit reporting company had indeed been breached in May and that some million people had had their personal information exposed. Equifax, which does business in the United States and is a provider of credit monitoring and other services, said that the hack occurred and that it had taken over five months to confirm that some sensitive data, including Social Security numbers, had been compromised.

3. Yes. Equifax had a culture that was very explicit in its practices and in how it enforced its policies and procedures. Many employees were asked to increase their monthly payments in anticipation of being granted increased security clearance. For example, one employee, who works in an I.T. department, was provided with a laptop computer with an encrypted user name and password and was asked to share passwords with the company (Gandhi, 2019). Another employee was asked to put down all the accounts in the name of a blind employee, a process that required signing several forms that contained the passwords to all the accounts, which would then have been shared with someone else in the company. The CEO was aware of the passwords but was too concerned with security to take action.

4. Risk management is an approach to preventing and managing events, including accidents and other misbehavior. Risk management is used to deal with various types of risks, such as fraud, hazards and environmental risks (Kabanov et al., 2021). For example, if a building catches fire, the risk is treating it as an arson hazard and getting the owner of the building to remove the faulty wiring and replace it. If the owner refuses to comply, then management will ask the client to pay the cost of repairing the building.
At its most simplistic, risk management is about taking action to minimize the risk.

5. Most of the respondents indicated they were not aware of any of the companies being sued for not creating training on ethics. On average, respondents would see ethics training only once or twice yearly. However, most respondents indicated they were aware of some specific companies with ethics training programs (Novak & Vilceanu, 2019). The key is to understand the role ethics plays in corporate risk management and the unique ethics and compliance issues that each organization must address. However, the organization must realize that ethics, human dignity, and respect are not mutually exclusive. Failure to provide these values often leads to ethical dilemmas and negative consequences for the firm and its stakeholders, including its shareholders, creditors, competitors, and investors. A final note on ethics is that the term is often synonymous with corporate social responsibility.

References

Daswani, N., & Elbayadi, M. (2021). The Equifax Breach. In Big Breaches (pp. 75–95). Apress.

Fleury-Charles, A., Chowdhury, M. M., & Rifat, N. (2022, May). Data Breaches: Vulnerable Privacy. 2022 IEEE International Conference on Electro Information Technology (eIT).

Gandhi, H. (2019). Active cyber defense certainty: A digital self-defense in the modern age. Okla. City UL Rev, 43.

Kabanov, I., Massachusetts Institute of Technology (U.S.), Madnick, S., & Massachusetts Institute of Technology (U.S.). (2021). Applying the lessons from the Equifax cybersecurity incident to build a better defense. MIS Q. Exec., 109–125.

Novak, A. N., & Vilceanu, M. O. (2019). "The internet is not pleased": Twitter and the 2017 Equifax data breach. Commun. Rev., 22(3), 196–221.

Ramakrishnan, T., Hite, D. M., Schuessler, J. H., & Prybutok, V. (2022). Work ethic and information security behavior. Inf. Comput. Secur., 30(3), 364–381.

Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19(3).