Data Breach Incident Analysis and Report

Data Breach Incident Analysis and Report

Scenario

Padgett-Beale Inc.s (PBI) insurance company, CyberOne Business and Casualty InsuranceLtd, sent an audit team to review the companys security policies,processes, and plans. The auditors found that the majority of PBIs operatingunits did not have specific plans in place to address data breaches and, ingeneral, the company was deemed not ready to effectively prevent and/orrespond to a major data breach. The insurance company has indicated that itwill not renew PBIs cyber insurance policy if PBI does not address thisdeficiency by putting an effective data breach response policy and plan inplace.  PBIs executive leadership teamhas established an internal task force to address these problems and close thegaps because they know that the company cannot afford to have its cyberinsurance policy cancelled.

Unfortunately, due to the sensitivity of the issues, nomanagement interns will be allowed to shadow the task force members as theywork on this high priority initiative. The Chief of Staff (CoS), however, isnot one to let a good learning opportunity go to waste especially for themanagement interns. Your assignment from the CoS is to review a set of newsarticles, legal opinions, and court documents for multiple data breaches thataffected a competitor, Marriott International (Starwood Hotels division). Afteryou have done so, the CoS has asked that you write a research report that canbe shared with middle managers and senior staff to help them understand theproblems and issues arising from legal actions taken against MarriottInternational in response to this data breach in one of its subsidiaries(Starwood Hotels).

Research

1.       Researchthe types of insurance coverage that apply to data breaches. Pay attention tothe security measures required by the insurance companies before they willgrant coverage (underwriting requirements) and provisions for technicalsupport from the insurer in the event of a breach. Here are three resources tohelp you get started.

a.        https://woodruffsawyer.com/wp-content/uploads/2019/06/40842_Woodruff-Sawyer-Cyber-Buying-Guide_Final.pdf

b.       https://www.travelers.com/cyber-insurance

c.       https://wsandco.com/cyber-liability/cyber-basics/

2.       Read/ Review at least 3 of the following documents about the Marriott International/ Starwood Hotels data breach and liability lawsuits.

a.       https://www.insurancejournal.com/news/national/2018/12/03/510811.htm

b.      https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-marriott-international-inc-184million-for-failing-to-keep-customers-personal-data-secure/

c.       https://www.bbc.com/news/technology-54748843

d.       http://starwoodstag.wpengine.com/wp-content/uploads/2019/05/us-en_First-Response.pdf 

e.       https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach

f.       https://news.marriott.com/2019/07/marriott-international-update-on-starwood-reservation-database-security-incident/

3.       Findand review at least one additional resource on your own that provides informationabout data breaches and/or best practices for preventing and responding to suchincidents.

4.       Usingall of your readings, identify at least 5 best practices that you can recommendto Padgett-Beales leadership team as it works to improve its data breachresponse policy and plans. 

Write

Write a five (5) page report using your research. At a minimum, your reportmust include the following:

1.       Anintroduction or overview of the problem (cyber insurance companys auditfindings regarding the companys lack of readiness to respond to data breaches).This introduction should be suitable for an executive audience and shouldexplain what cyber insurance is and why the company needs it.

2.       Ananalysis section in which you discuss the following:

a.       Specifictypes of data involved in the Starwood Hotels data breaches and the harm

b.       Findingsby government agencies / courts regarding actions Starwood Hotels / MarriottInternational should have taken

c.       Findingsby government agencies / courts regarding liability and penalties (fines) assessedagainst Marriott International.

3.      A review of best practices which includes 5 ormore specific recommendations that should be implemented as part of Padgett-Bealesupdated data breach response policy and plans. Your review should identify anddiscuss at least one best practice for each of the following areas:  people, processes, policies and technologies.(This means that one of the four areas will have two recommendations for atotal of 5.)

A closing section (summary) in which you summarizethe issues and your recommendations for policies, processes, and/ortechnologies that Padgett-Beale, Inc. should implement.

4.      To save you time, a set of appropriate resources/ reference materials has been included as part of this assignment. You mustincorporate at least five of these resources into your final deliverable. Youmust also include one resource that you found on your own.

5.       Yourresearch report should be professional in appearance with consistent use offonts, font sizes, margins, etc. You should use headings to organize yourpaper. The CSIA program recommends that you follow standard APA formattingsince this will give you a document that meets the professional appearancerequirements. APA formatting guidelines and examples are found under CourseResources > APA Resources. An APA template file (MS Word format) has alsobeen provided for your use.

6.       Youare expected to write grammatically correct English in every assignment thatyou submit for grading. Do not turn in any work without (a) using spell check,(b) using grammar check, (c) verifying that your punctuation is correct and (d)reviewing your work for correct word usage and correctly structured sentencesand paragraphs.  

7.       Youare expected to credit your sources using in-text citations and reference listentries. Both your citations and your reference list entries must follow aconsistent citation style (APA).