Week 5 It205

Check Point: Sony Online Entertainment

1. List and describe the security and control weaknesses at Sony that are discussed in this case.

The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, during the moment of the breach, did not make sure security and the control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. Eugene Safford, the executive director of the Purdue University Center for Education made claim to all of these weaknesses at the House Energy and Commerce Committee. The Sony data breach was apparently the result of a “revenge hacking,” the use of the Internet to destroy or disrupt political opponents, or to punish organizations for their public behavior. (Laudon & Laudon, 2013)

2. What people, organizational, and technology factors contributed to these problems?

The people, organizational, and technology factors that contributed to these problems range from a number of issues and allegations. First there were, Revenge Hackers”. According to Sony, hackers left a text file named Anonymous on Sony's server with the words “We are legion.” Anonymous is the name of an Internet collective of hackers and vigilantes whose...