Assignment 4 iPads Security Breach
Apple proudly sold the first iPad on June 4, 2010, and within days a security breach was announced. Hackers from Goatse Security firm obtained over 100,000 email addresses and network ID- of new iPad owners, including government officials, politicians, well-known corporate officers, and other famous/important people. Goatse Security officials shared the email addresses and network ID- to Gawker Media, LLC, after they informed AT&T and the vulnerability was closed (repaired).
Some expressed little concern over the security breach stating that it was “only email addresses†and not personal or financial information. The FBI doesn’t concur. AT&T responded quickly and has worked to mitigate the damage.
Required:
1. View the video clip (1 min 41 s) of Steve Jobs just days before Apple- partner AT&T exposed iPad customers’ private information. http://gawker.com/#!5560295/steve-jobs-bragged-about-privacydays-ago
2. Read Apple- Worst Security Breach: 114,000 iPad Owners Exposed posted on the Gawker.com Web site (the company first informed of the breach). http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
3. View the CNN video: iPad Security Breach (2 min 15 s) http://www.cnn.com/video/#/video/tech/2010/06/10/nr.levs.ipad.security.breach.cnn?iref=allsearch
4. For an alternative perspective: view the first minutes of the Wall Street Journal video (3 min 35 s): AT&T's iPad Security Breach http://online.wsj.com/video/digits-atts-ipad-security-breach/620A87F6-BADE-49BC-A3F3-887D44B25EA6.html?KEYWORDS=ipad
5. Read, AT&T Fights Spreading iPad Fear: http://gawker.com/5559725/att-fights-spreading-ipad-fear
6. Read FBI Investigating iPad Breach (Update): http://gawker.com/5560542/fbi-investigating-ipad-breach
7. Read AT&T Blames iPad Incident on “Malicious†Hackers: http://online.wsj.com/article/SB10001424052748703389004575305611381540180.html?KEYWORDS=ipad
You are to write a five to six (5-6) page paper that answers the following:
1. Determine if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details.
2. Create a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking.
3. Discuss if it is important for organizations like Gawker Media to be socially responsible.
4. Based on this incident, determine what factors CEOs should consider when responding to a security breach.
5. Create an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue. Explain your rationale.
The format of the paper is to be as follows:
• Typed, double-spaced, Times New Roman font (size 12), one-inch margins on all sides, APA format.
• Use headers for each of the criteria, followed by your response.
• In addition to the five to six (5-6) pages required, a title page is to be included. The title page is to contain the title of the assignment, your name, the instructor- name, the course title, and the date.
Note: You will be graded on the quality of your answers, the logic/organization of the report, your language skills, and your writing skills.
Outcomes Assessed • Analyze information technology applications and the application of decision support systems to gain a competitive advantage and more effectively control operations.
• Use technology and information resources to research issues in the functions and processes within a business enterprise and key factors affecting productivity.
Grading Rubric for Assignment 4 - iPad- Security Breach
Criteria 0
Unacceptable 20
Developing 30
Competent 40
Exemplary
1. Determine if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. Did not complete the assignment or did not determine if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details; omitted key information and/or included irrelevant information. Completed with less than 70% accuracy, thoroughness, and logic. Partially determined if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details; omitted some key information or included some irrelevant information. Completed with 70-79% accuracy, thoroughness, and logic. Sufficiently determined if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. Completed with 80-89% accuracy, thoroughness, and logic. Fully determined if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. Completed with 90-100% accuracy, thoroughness, and logic.
2. Create a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking. Did not complete the assignment or did not create a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking; omitted key information and/or included irrelevant information. Completed with less than 70% accuracy, thoroughness, and logic. Partially created a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking; omitted some key information or included some irrelevant information. Completed with 70-79% accuracy, thoroughness, and logic. Sufficiently created a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking. Completed with 80-89% accuracy, thoroughness, and logic. Fully created a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking. Completed with 90-100% accuracy, thoroughness, and logic.
3. Discuss if it is important for organizations like Gawker Media to be socially responsible. Did not complete the assignment or did not discuss if it is important for organizations like Gawker Media to be socially responsible; omitted key information and/or included irrelevant information. Completed with less than 70% accuracy, thoroughness, and logic. Partially discussed if it is important for organizations like Gawker Media to be socially responsible; omitted some key information or included some irrelevant information. Completed with 70-79% accuracy, thoroughness, and logic. Sufficiently discussed if it is important for organizations like Gawker Media to be socially responsible. Completed with 80-89% accuracy, thoroughness, and logic. Fully discussed if it is important for organizations like Gawker Media to be socially responsible. Completed with 90-100% accuracy, thoroughness, and logic.
4. Based on this incident, determine what factors CEOs should consider when responding to a security breach. Did not complete the assignment or did not determine what factors CEOs should consider when responding to a security breach; omitted key information and/or included irrelevant information. Completed with less than 70% accuracy, thoroughness, and logic. Partially determined what factors CEOs should consider when responding to a security breach; omitted some key information or included some irrelevant information. Completed with 70-79% accuracy, thoroughness, and logic. Sufficiently determined what factors CEOs should consider when responding to a security breach. Completed with 80-89% accuracy, thoroughness, and logic. Fully determined what factors CEOs should consider when responding to a security breach. Completed with 90-100% accuracy, thoroughness, and logic.
5. Create an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue. Explain your rationale. Did not complete the assignment or did not create an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue. Did not explain your rationale; omitted key information and/or included irrelevant information. Completed with less than 70% accuracy, thoroughness, and logic. Partially created an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue. Partially explained your rationale; omitted some key information or included some irrelevant information. Completed with 70-79% accuracy, thoroughness, and logic. Sufficiently created an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue. Sufficiently explained your rationale. Completed with 80-89% accuracy, thoroughness, and logic. Fully created an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue. Fully explained your rationale. Completed with 90-100% accuracy, thoroughness, and logic.
6. Clarity
Did not complete the assignment or explanations are unclear and not organized.
(Major issues) Explanations generally unclear and not well organized.
(Many issues) Explanations generally clear and/or organized. (Minor issues) Explanations very clear and well organized.
(Added helpful details)