1.
Activity: Technical analysis – Before the ethical questions can be
considered, the students might consider several immediate technical questions
that will help inform the discussion on ethical issues. A sample data set or
similar technical problem could be used for this analysis. For
example:
[Is it
possible to ascertain whether a breach has happened, and data has been
accessed?]
·
Detecting the
Breach: Check for signs that someone might
have accessed information they shouldn't have, like unusual activity in system
logs or unexpected data transfers.
So, in this
situation, if I were investigating a potential breach:
·
Examine System
Logs: Review system logs for any unusual
or irregular activities. Look for login attempts from unfamiliar locations or
at odd hours, multiple failed login attempts, or any activities outside the
ordinary patterns.
·
Monitor Data
Transfers: Keep an eye on data transfer logs
for any unexpected or unusually large data movements. This could indicate data
being exfiltrated from the system.
·
Analyze Access
Records: Check the access records to
identify any unauthorized access or changes in user permissions. Check for
accounts that shouldn't have certain levels of access attempting to retrieve
sensitive information.
[What
data may have been compromised?]
·
Finding Out
What's Compromised: Figure out
what information might have been accessed. Was it financial data, personal
details, or something else?
To ascertain
what information might have been accessed in a potential breach:
·
Identify
Potentially Compromised Data Types: Review the types of data stored or processed within the
affected systems. This includes financial records, personal information,
transaction details, or any sensitive data the system handles.
·
Consult Data
Protection Policies: Refer to
existing data protection policies and regulations to understand the level of
severity and legal implications of the potential data breach.
·
Engage Experts
if Necessary: If there's
uncertainty about the extent of the breach or the data compromised, consider
involving cybersecurity experts or forensic analysts to perform a detailed
investigation and determine the scope of the information accessed.
[Is a breach of this kind preventable, and
could it be better prevented in the future?]
·
Stopping
Future Breaches: Take steps to
prevent this from happening again. That might mean fixing security holes or
making the system more secure.
To
prevent a breach of this nature and strengthen security measures for the
future:
·
Incident
Response Plan: Develop and
regularly update a detailed incident response plan. This plan should outline
the steps to be taken in case of a breach, including containment, communication
protocols, and recovery procedures.
·
Multi-factor
Authentication (MFA): Enforce MFA
wherever feasible. Require additional verification steps beyond passwords, such
as SMS codes or biometric authentication, to access sensitive systems or data.
·
Patch and
Update: Ensure all software and firmware
across the network-connected appliances and devices are up to date. Frequently,
security vulnerabilities are patched in updated versions of software or
firmware.
[Has the
security been subject to a hack or is the data not secure?]
·
Figuring Out
What Went Wrong: Understand
how this happened. Was it a hack, or were there weak spots in security?
To ascertain
whether the security was compromised due to a hack or if the data was
inherently insecure:
·
Review
Security Protocols: Evaluate the
existing security measures and protocols in place. Assess if they were robust
enough or if they were improperly configured, allowing for the breach.
·
Forensic
Analysis: Conduct a detailed forensic
investigation to determine the root cause of the breach. This involves
examining logs, system records, and any available evidence to trace the
intrusion path.
[Has the
problem now been rectified, and all data secured?]
·
Fixing the
Issue: Once you know what happened, take
immediate action to secure everything and make sure it doesn't happen again.
To ensure the problem has been rectified and
all data is secured:
·
Patch
Vulnerabilities: Address
identified vulnerabilities or security gaps promptly. Apply necessary patches,
updates, or configuration changes to fortify the system against similar
breaches.
·
Security
Testing: Perform rigorous penetration
testing and security audits to validate the effectiveness of the implemented
changes and ensure there are no lingering vulnerabilities.
·
Continuous
Monitoring: Set up
continuous monitoring systems to detect any unusual activities or potential
threats. Establish alerts for suspicious behavior to enable rapid responses to
any future security incidents.
If your data gets exposed in the UK:
·
Tell the ICO (Information Commissioner's Office): There's a
group called the ICO that handles data rights. If the breach is serious and
could harm people's rights, you might need to tell them within 72 hours (about
3 days) of finding out about it.
·
Tell Affected
People: If the breach might seriously hurt
people, like causing them to lose money or have their identity stolen, you
might need to tell those people directly.
The GDPR (General Data Protection Regulation), a set of rules,
says you must judge how bad the breach is and report it if it could harm
people. It's important to know these rules and get advice from experts to
follow the right steps.
