Wednesday, December 4, 2019

Information Security Outsourcing Information Security

Question: Discuss the Report for Information Security of Outsourcing Information Security.

Answer:

Introduction

Information security is generally defined as the well-informed sense of assurance that the risks and controls associated with users' information and data are in balance (Cezar et al. 2013). Although information technology has several advantages, information security systems also have several disadvantages (De Lange et al. 2016). Data theft is one of the well-known issues in information security. This report examines a news story about an information security breach, "Health Insurer Anthem Hit by Hackers", published in The Wall Street Journal.

Justification of Choice

Justification for choosing the topic: Health Insurer Anthem Hit by Hackers

Anthem, the second-biggest health insurance company, said that a hacker broke into the database containing personal information about 80 million of its customers and employees. It was the largest data breach in the year of 2016 (Yadron 2016). The story helps identify the major elements needed to understand the impact of information security breaches (Dhillon et al. 2016). In addition, evaluating the story brings out the reasons for and impact of data theft. This shapes the perspective of users and organizational heads on preventive measures against data theft (Disterer 2013), and so helps determine techniques for resolving data theft in the technological world. Among information security breaches, this story describes one of the most important.

Relation of the topic with the information security breaches

An information security breach is unauthorized access to data by any person or system other than the authorized person (Gordon et al. 2014).
By this definition, the story also concerns unauthorized access to data. Data theft is directly related to information security breaches. Anthem, a giant of the health care world, faced huge problems when about 80 million records were hacked in the attack (Huang et al. 2014). An Anthem spokesperson clarified that most of the data consisted of consumer details stored in the company's database. None of it was financial information such as card details, account numbers or other details of consumers' financial data (Kolkowska and Dhillon 2013). Anthem accepted that the breach was due to a lack of security systems in its technical departments. From the context of the story in The Wall Street Journal, it is clear that the hackers stole the data either to profit from the user information or to damage Anthem's reputation.

Reasons for the breaches

Technical perspectives

According to Mr. Miller from Anthem, the technical departments recognized the incursion in the last week before the attack, when a system administrator saw that a database query was being run automatically although he was not using his identifier code (Yadron 2016). Investigators in the case found that the data had been transferred to an outside web-storage service, and they were able to freeze it there. Two perspectives are important for analyzing the technical reasons behind the information security breach (Lee et al. 2013): the lack of security and the hackers' use of modern hacking techniques.

Lack of security for consumer data: According to Mr. Miller from Anthem, they tracked the location of the hacker but did not control the hacking system; as a result, the hacker easily took control of their security system and stole around 80 million records from Anthem's database (Yadron 2016).

Modern hacking techniques utilized by the hackers: The hackers used a modern technique that gives trackers the illusion that they have located the hacker when in reality they have not (Parsons et al. 2014). The system used by the hackers shows the trackers varying positions.

Non-technical perspectives

There may be several non-technical reasons behind this data theft (Peltier 2016). According to the information collected on this issue, the hacker may have had the following intentions: a) to misuse the data to blackmail Anthem's consumers, b) to hack the personal bank accounts used by consumers through their account numbers or card details, or c) to make Anthem feel that it is losing its competitive market position (Potter and Waterfall 2012). These are the three main reasons for hacking. The hacker involved in the data theft at Anthem affected 40 million payment cards; this introduces the financial reasons for the data theft (Renaud and Goucher 2014). Hackers intend to steal data related to financial accounts, which may open the way for them to hack the personal bank accounts of Anthem's consumers.

Impacts

Assets involved in the breaches and severity of the damages

According to the story, Anthem and its consumers suffered losses due to the loss of data (Siponen et al. 2014). The impact was positive only for the hackers, the only actors in this story who gained. These impacts are described as follows:

Impact on Anthem: According to the story, Anthem faced many challenges. Consumer trust is a critical concern in the healthcare industry (Thomas et al. 2013). Because consumer data was lost, consumers lost their trust in the company. This not only reduced Anthem's market value but also had a great impact on its future prospects. According to the CEO of Anthem, Anthem has yet to demonstrate a path towards restoring this trust.

Impact on consumers of Anthem: According to the information collected on the data theft at Anthem, 80 million consumers were suffering from critical identity theft. Several million account details were stolen by the hackers (Vacca 2012). The organization provided a web support service where consumers could report the problems they were facing due to identity theft.

Impact on hackers: Of all those affected by this data theft, only the hackers experienced a positive impact (Wang et al. 2013). The hackers got the chance to hack the financial information of Anthem's consumers; 40 million payment details were stolen in this data theft (Yadron 2016). Anthem, based in Indianapolis, has almost 37.5 million people within its range of service. This is the only respect in which the hackers benefited.

The aspects discussed above describe the impact of the information theft on the consumers, on Anthem and on the hackers.

Social impact of the breaches

Information theft is defined as the illegal use of user data or the theft of information. It has a great impact on society, as users and consumers face critical identity theft. The consumers and users whose data was stolen faced many problems (Williams et al. 2013). Research on information theft finds that consumers' attitudes change because of this kind of theft, which affects the social image of the organizations affected by it (Zafar et al. 2012).
The Centre of Democracy and Technology listed ten privacy prevention policies that will help consumers preserve their social rights. In addition, the health insurance industry faces trust issues because of information theft. From the story it is clear that Anthem is facing many problems due to the same issue.

Remedies to the breaches

Technical details of the resolving techniques of breaches

According to the story about the data theft at healthcare giant Anthem, the company arranged a special association to investigate the hacker (Yadron 2016). This association established an advanced system that identified the position of the hacker, which was approximately China. In addition, Anthem introduced a new web server that gathered queries from consumers who faced identity theft and other data-theft-related problems.

Conclusion

Information security issues concern the illegal use of user data. This has a great impact not only on consumers but also on the many organizations that face data theft. From this perspective, this report has explained the impact of and reasons behind data theft with respect to one news story published in The Wall Street Journal. In this story, healthcare giant Anthem faced data theft within its organization, and around 40 million consumer records were lost. This report set out the technical and non-technical reasons behind this data theft. In addition, it described the remedies for the data theft at Anthem and the severity of the theft.

References

Cezar, A., Cavusoglu, H. and Raghunathan, S., 2013. Outsourcing information security: Contracting issues and security implications. Management Science, 60(3), pp. 638-657.

De Lange, J., Von Solms, R. and Gerber, M., 2016, May. Information security management in local government. In 2016 IST-Africa Week Conference (pp. 1-11). IEEE.

Dhillon, G., Samonas, S. and Etudo, U., 2016, May. Developing a Human Activity Model for Insider IS Security Breaches Using Action Design Research. In IFIP International Information Security and Privacy Conference (pp. 49-61). Springer International Publishing.

Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management.

Gordon, L.A., Loeb, M.P., Lucyshyn, W. and Zhou, L., 2014. Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb model. Journal of Information Security, 6(01), p. 24.

Huang, C.D., Behara, R.S. and Goo, J., 2014. Optimal information security investment in a Healthcare Information Exchange: An economic analysis. Decision Support Systems, 61, pp. 1-11.

Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule compliance. Computers & Security, 33, pp. 3-11.

Lee, C.H., Geng, X. and Raghunathan, S., 2013. Contracting information security in the presence of double moral hazard. Information Systems Research, 24(2), pp. 295-311.

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, pp. 165-176.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Potter, C. and Waterfall, G., 2012. Information security breaches survey. Technischer Bericht, infosecurity Europe und PricewaterhouseCoopers LLP, April 2012. https://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-technical-report.pdf.

Renaud, K. and Goucher, W., 2014, June. The curious incidence of security breaches by knowledgeable employees and the pivotal role of a security culture. In International Conference on Human Aspects of Information Security, Privacy, and Trust (pp. 361-372). Springer International Publishing.

Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp. 217-224.

Thomas, R.C., Antkiewicz, M., Florer, P., Widup, S. and Woodyard, M., 2013. How bad is it? A branching activity model to estimate the impact of information security breaches. A Branching Activity Model to Estimate the Impact of Information Security Breaches (March 11, 2013).

Vacca, J.R., 2012. Computer and information security handbook. Newnes.

Wang, T., Kannan, K.N. and Ulmer, J.R., 2013. The association between the disclosure and the realization of information security risk factors. Information Systems Research, 24(2), pp. 201-218.

Williams, S.P., Hardy, C.A. and Holgate, J.A., 2013. Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective. Electronic Markets, 23(4), pp. 341-354.

Yadron, A., 2016. Health Insurer Anthem Hit by Hackers. [online] WSJ. Available at: https://www.wsj.com/articles/health-insurer-anthem-hit-by-hackers-1423103720 [Accessed 25 Aug. 2016].

Zafar, H., Ko, M. and Osei-Bryson, K.M., 2012. Financial impact of information security breaches on breached firms and their non-breached competitors. Information Resources Management Journal (IRMJ), 25(1), pp. 21-37.
