Heartbleed Case Study Solution
IT Audit Committee on HeartBleed Cyber Attack:
Till now this particular cyber-attack i.e. HeartBleed is not tackled quite effectively. The reasons of this concern according to IT auditors is that, the IT reports show very anonymized data on which it is very difficult to detect this which specific applications are vulnerable to heart bleed attack. Actually the HeartBleed attack is caused due to Open SSL’s own working or build architecture. Due to this attack’s anonymity of not getting diagnosed, heart bleed is only traced when the company is already been defaced by it.
Steps that IT auditors should take to avoid HeartBleed attacks:
Since this particular attack is so unidentified, there are certain rules and preemptive measures that IT auditors should follow in order to avoid and tackle this attack to some extent. Like changing passwords after some time, ask developers to use the latest and current coding language for designing any application, continuously searching for every sort of vulnerability that popups, purchasing and patching the latest patches related to every vulnerability of every design architecture.
How will each stakeholders address:
The Heartbleed bug is considered as one of the most dangerous vulnerability in which any one on the internet can steal your personal data and information, the open source protocol (SSL) also known as open source cryptographic library is used to hack or steal any type of data from any platform. The Heartbleed bug has affected many stake holders in the local and international market, different experts has stated that Heartbleed is one of the most serious and dangerous vulnerabilities ever, the views and address of each stakeholder is described below.
Auditor
Different companies has taken many steps from auditors perspective in order to secure the personal information of millions of people, the auditors states that if a proper team of professionals will look into this matter with proper funding and resources then this auditing process will become better with some good outputs. The auditors say that if there are not enough resources to hire new auditors then the existing auditors should have given proper training to deal with this vulnerability and moreover they have to take some precautionary steps in order to avoid any type of mishap in future. The auditors should have to come up with some new ideas from company’s perspective or enterprise to reduce the probability of any loss in terms of cash or any personal information which their company uses in order to execute their day to day operations.
Auditee
The internal audit team of any organization ask different types of question from auditee means the working member of that company or enterprise the questions are related to their day to day operations and analyzing their records by accessing company maintained records the, proper guidelines to auditee by the audit team may result better output to explore these types of vulnerabilities in such cases like Heartbleed.
Audit Committee
The audit committee are the stakeholders of a company, the audit company is set of board of directors who audit their company from every aspect and they can do anything for their company in order to achieve good success rate and better company financial position. If we say that the audit committee is the class which has suffered the most from this HeartBleed vulnerability then it is not wrong the main reason that why this class is effected mostly by this vulnerability is that they have to mainly depend on open source SSL. If the audit committee found any type of bug or loss in company record which can be of any type financial record, employees status or vendors information they cannot compromise on any type of information loss or leak in any mean and they have to do anything in order to make their company safe, secure and productive in this case they have to pay to other sources in order to make their data secure and protected.
The audit committee also have to pay quite a huge amount to certified ethical hackers in this case to analyze the security and encryption parameters of company through various different techniques, all those companies for which technology serves as the backbone of the company they develop special audit teams which consisting of expert cyber security experts and internal and external audit experts which specifically focuses on cyber security issues of the company with special skill set and suppresses the chance of any type of attach like Heartbleed vulnerability. The regular assessment of audit committee is the key factor to reduce the chances of any type of cyber-attack including Heartbleed vulnerability or any other.
Interaction point among different stakeholders:
The key stakeholder for the progress of a company is none other than the audit committee. The audit committee have wide connection to the other stake holders of the same company. The stakeholders of a company is comprised of all the governing board members to the lowest paid official. The correspondence in between these channels have to be secure and protected. A single breach in the facility can make a company go bankrupt. Hence the relationship between the two other stake holders are highlighted here,
Interaction of Audit Committee and Auditee or the Internal Auditor:
A company needs to be audited to make sure a healthy progress of the company. The relation in between these two parties is vital for a company’s growth. The two stakeholders are responsible for a wide array of jobs and if one deviates from its course, other will surely be affected. The audit committee is on a facts finding mission that would require access to any files and documents, which an Auditor or the organization members are entitled to.
If these sensitive material is leaked out through a bug talked above it can produce horrifying results. This is why the co-ordinance of these parties with each other is required. People from both sides should make sure that whatever they receive or send through these internet portals are encrypted and well protected.
Interaction of Audit Committee and External Auditor:
Audit committee hires a third party auditors for various reasons. The first and the foremost is due to the internal relationships of internal auditor with various organization members. A simple leverage in between any two parties can be devastating for the company in wider scope. So a professional firm is hired to make sure that these leverages are not given and the organization is run smoothly. These two parties are responsible to discuss and pinpoint the areas that need to be improved upon. Here too, the data leakage should be prevented by any means and new security protocols should be introduced among the concerned stakeholders. These external auditors have also the authority to call upon any member of the governing board or any higher ranked individual and ask them the hard questions....................
This is just a sample partical work. Please place the order on the website to get your own originally done case solution.
Related Case Solutions & Analyses:
Evaluation Questions for Assessing Post-Merger-Integration Consultants
Coastwide Labs: Product and Strategy Redesign in Commercial Cleaning Products
Note on Foreign Direct Investment in Japan
US Telecommunications Industry (A)–1984-96
Edward Jones
Google Inc.
CASE ANALYSIS: TATA COMMUNICATIONS EMERGING MARKET GROWTH OPPORTUNITY
Impact of financial derivatives in Indian markets: A case of Black Scholes Merton Model
DEUTCHE TELECOM: A TRANSFORMATION JOURNEY
Asahi Glass Company: Diversification Strategy
