Course Intro
A university course in information security would normally be thought to reside in a computer science department, or in a college of engineering. But this particular course is housed in the College of Business for good reason. As you will see this semester, the strength of a firm's information security program often comes down to a business decision. "Is there enough bang for the buck?" as the cool kids say.
| Take the world's largest hotel chain Marriott (Links to an external site.), for instance. At least five million unencrypted passport numbers (very useful for identity theft) and over eight million credit card numbers (very useful for regular theft) were taken in a breach of one of its acquisition's (Starwood Hotels) guest databases. Marriott is phasing all of the legacy data into its better protected systems, but we will be left wondering why the data had not been protected all along. I hate to pass judgement until all of the facts are in, but if I had to guess, it will likely come down to a monetary decision made years ago. Many firms, large and small, have been victimized as a result of trying to fly under the radar to save a little money. |
|
Sometimes a little investment can save a lot of heartache down the road. Ask the city of Atlanta (Links to an external site.). The people behind its ransomware infection of municipal information systems asked for $50,000, but the city was unable (or unwilling) to decrypt its data, and it is now costing well over $2 million to recover everything. They will be less vulnerable once the city implements reliable backup operations, but a lot of time, effort, and profanity has been poured into restoring normal order.
|
I assure you, many of the businesses you transact with are also facing the same decisions. You trust them with valuable personal and financial information. What have they decided to do?
We will find out this semester! Enjoy!