Case Study Questions
1. List and describe the security and control weaknesses at Sony that are discussed in this case.
The case discusses the main security and control weaknesses at Sony that allowed a breach of its network. At the time of the breach, Sony did not make security and control a top priority. Some of the security weaknesses noted in the case study include the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of its firewall, allowing hackers to get in. As for control weaknesses, the appropriate policies and organizational procedures were evidently not in place: Sony did not know what information was stolen from its servers, it took days for Sony to inform its customers of the breach (which shows a lack of training of its management and staff), and Sony delayed shutting down all of its servers once it learned of the attack. If the proper policies and organizational procedures had been in place, perhaps the outcome would not have been as dramatic for Sony.
2. What people, organizational, and technology factors contributed to these problems?
Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place, the employees would not have been so sloppy in their work, the software would have been updated and perhaps the firewall would not have been breached.
3. What was the business impact of the Sony data losses on Sony and its customers?
As a result of the breach, Sony lost many customers, its network was down for weeks while it attempted to fix the problem, resulting in lost revenue, and it lost the trust of its customers. Sony has also had to spend hundreds of...