· Make a
at least two (2)
of your fellow students’ postings.
By meaningful, I mean don’t just say “I agree” or “Good article”, but rather provide substantive feedback on their submission by relating it to the text, your submission, or your own experience.
Title of article: “Phishing Used in Home Depot Data Breach”
In 2014 a group of hackers were able to steal payment information from card information that was stored by Home Depot. They were able to do this by using malware that was specifically designed to steal payment information from cards. This scandal affected millions of users in the United States and Canada. The hackers were able to carry on the attack for five months before it was removed from the Home Depot network. The malware was installed on the point-of-sale systems. It was found that the attackers accessed their system through a third-party vendor.
How could proper governance have prevented this event?
One way that proper governance could have prevented this event would have been to ensure that the staff received training on safety-related roles and responsibilities. The system was breached due to an unpatched Windows vulnerability. If the Chief Information Security Officer routinely monitored the network, this is something that could have been prevented. Another way would have been to allow the senior management to go through the necessary training and/or receive information that was needed to be aware of security risks in regard to information systems.
The installation of anti-malware systems could have also prevented this event from occurring. There were many people other than the IT department that played a role in the event that happened at Home Depot. The board of directors could have ensured that information security was discussed at each and every meeting that was held so that they could be aware of what security measures were being taken to secure confidential data. They should also be holding the information security leaders accountable for anything that was related to security.
If the senior executives required weekly reports of the security activities, then the attack may not only have been prevented but stopped shortly after it happened. With management monitoring the network and security activities at the company and having reports generated of the activity, any errors that occurred can be targeted and fixed so that they would not happen again. Anti-phishing resources should have also been put into place so people do not fall victim to human error and put companies at risk.
As cited by Nguyen (2011), Enron is one of the largest US-based companies, which provided wholesale services, retail energy services, broadband services and transportation (Enron Corp 2001). The corporation became popular for its failures, which resulted from poor corporate governance. Enron filed for bankruptcy (December 2, 2002) which led to revolutionary changes to corporate governance worldwide, which emphasized law reform to prevent, or at least mitigate, future corporate collapses.
Nguyen’s (2011) paper investigated and evaluated the factors causing Enron’s collapse. The investigation exposed Enron’s weaknesses in the corporate governance structures which led to the collapse of the company. Poor corporate governance and unethical cultural practices created conflict of interest and unethical behavior. The paper provided an analysis that synthesized findings that were framed on these major factors for the collapse: (1) Enron’s Board of Directors failed to fulfill its fiduciary duties towards the corporation’s shareholders. (2) The top executives of Enron were greedy and acted in their self-interest. (3) Enron’s employees witnessed the wrongdoings of Enron’s top executives, and quite a few whistle-blowers came forward. (4) Enron outsourced external auditing for its internal audit function instead of establishing a functionally internal audit mechanism and its external auditor acquiesced in the application of questionable accounting and fraudulent financial reporting (Nguyen, 2011).
Cited in the paper by (Turnbull 1997), corporate governance refers to a set of relationships among the firm’s management, Board of Directors, and stakeholders. It is also a system designed to direct and manage a firm. It was emphasized that good corporate governance enhances not only accountability but also the creation of wealth in a firm. In the case of the analysis of Enron, all participants including the Board of Directors, top executives, the internal auditor, and external auditors were whistle-blowers (Rezaee, 2022). Essentially the Board did not cultivate an environment in which the external auditor and the internal audit could function cohesively. I support Nguyen’s argument that the management team acted out of their own interest and not for the benefit of the company.
Enron’s directors contributed to the failure of the company. Nguyen described this as unfulfilled fiduciary duties. Shailer (2004) cited in Nguyen (2011) noted that directors should be responsible for governing and directing the company’s affairs in the best interests of the company and its shareholders. Therefore, they are required to demonstrate the attribute of honesty. Honesty is the highest level of the hierarchical corporate governance structure. In the case of Enron’s Board of Directors, it not only must have known about but also supported the Company’s questionable strategies, criticized policies, and devious transactions (Clark and Demirag 2002).
How could proper governance have prevented this event?
Enron’s failure to disclose conflicts of interest. Enron failed to adequately disclose the non-arm’s-length deals between the company and the SPVs.
Enron’s Board of Directors failed to fulfill its fiduciary duties toward the corporation’s shareholders. The top executives of Enron were greedy and acted in their own self-interest.
By not adhering to its corporate government policy, Enron was faced with a lack of risk management. This resulted in the company making poor decisions and investments, along with putting at risk its ability to repay its creditors.
Information Security addresses confidentiality, integrity, availability, and accountability. Enron failed on all these principles, hence its failure.