Boss, I Think Someone Stole Our Data

Boss, I think Someone Stole Our Customer Data

-------------------------------------------------

Boss, I think Someone Stole Our Customer Data

BUS519 Project Risk Management

Spring Term 2011

Abstract

A data breach has been reported to the company by a third party bank. The CEO must make a decision on how to respond. Four suggested response commentaries have been summarized, along with the recommended best solution for the issue. the CEO’s response will include a communication strategy, an investigation strategy, and a data security strategy. A proposed action report is included. The report outlines the steps the company will take to address the three strategies. An assessment of the problem is also included, along with a suggested data security project plan to bring the company to full PCI compliance.

Situation and Commentary Review

Flayton Electronics has been notified by a bank that they are a common point of purchase for fraudulent accounts. The CEO has organized a high level response team that includes the CFO, CIO, director of human resources, director of communications, head of security, and an outside consultant providing legal counsel. Their goal is to review the situation and make recommendations to the CEO on the correct course of action, based upon their background and the nature of the risk involved. The CEO will need to make a decision on the communication strategy to the customer base, the internal and external investigation strategy, the technical solution addressing the original failure, and the overall technology security strategy.

Four solutions were suggested in the case pack. The first, presented by James Lee of Choicepoint, recommends swift action. Mr. Lee identifies “Timing is a crucial factor in the inevitable lawsuits” that will “focus on what executives knew, and how long before going public”. His action plan includes correction of the data security issue, and a “brand restoration strategy” with such offerings as...