1st Edition
Information Technology Security and Risk Management Inductive Cases for Information Security
Information Technology Security and Risk Management: Inductive Cases for Information Security is a compilation of cases that examine recent developments and issues that are relevant to IT security managers, risk assessment and management, and the broader topic of IT security in the 21st century. As the title indicates, the cases are written and analyzed inductively, which is to say that the authors allowed the cases to speak for themselves, and lead where they would, rather than approach the cases with presuppositions or assumptions regarding what the case should be "about". In other words, the authors were given broad discretion to interpret a case in the most interesting and relevant manner possible; any given case may be "about" many things, depending on the perspective adopted by the reader, and many different lessons may be learned. The inductive approach of these cases reflects the design philosophy of the advanced IT Security and Risk Management course we teach on the topic here at the University of Canterbury, where all discussions begin with the analysis of a specific case of interest and follow the most interesting and salient aspects of the case in evidence. In our course, the presentation, analysis, and discussion of a case are followed by a brief lecture to address the conceptual, theoretical, and scholarly dimensions arising from the case. The inductive approach to teaching and learning also comes with a huge advantage – the students seem to love it, and often express their appreciation for a fresh and engaging approach to learning the sometimes-highly-technical content of an IT security course. As instructors, we are also grateful for the break in the typical scripted "chalk-and-talk" of a university lecture afforded by the spontaneity of the inductive approach.
We were motivated to prepare this text because there seems to be no other book of cases dedicated to the topic of IT security and risk management, and because of our own success and satisfaction with inductive teaching and learning. We believe this book would be useful either for an inductive, case-based course like our own or as a body of cases to be discussed in a more traditional course with a deductive approach. There are abstracts and keywords for each case, which would help instructors select cases for discussions on specific topics, and PowerPoint slides are available as a guide for discussion about a given case.
Abstracts
Editors
Contributors
SECTION 1. TECHNICAL CASES
TEACHING CASES
1.1. Data Breach at Nintendo Co. Ltd.: 300,000 Nintendo Users Hacked
Areeb Amanulla and Saadik Niyaz
1.2. Target Corporation
Xuejie Tai and Huixin Zhang
1.3. Case Study: Cyber-attack on Ukrainian Power Grid
Vignesh Makkada and Ishani Rai
1.4. Capital One Data Breach
Vignesh Makkada and Ishani Rai
1.5. LinkedIn Data Hack
Nishanth Chakkere Ramesh and Ying-Pin Lan
1.6. Zoombombing: A Technical Perspective
Joe Mani Kuttikatt and Rion Jovial Luis
1.7. Case Study: Ransomware Attack on IT Firm Collabera
Joe Mani Kuttikatt and Rion Jovial Luis
1.8. Neuralink: A Neural Technology Company
Anjali Krishnan and Shameer Thottoli
1.9. Securing the Internet of Things
Amelia Samandari
RESEARCH CASES
1.10. Connected Vehicles: An Era of Communications Technologies, Cybersecurity, and Innovation
Sasha Pugh, Juliet Samandari, and Hannah Yeo
1.11. SilverPush: A Case of Convenience versus Privacy
Ying-Pin Lan and Nishanth Chakkere Ramesh
SECTION 2. BEHAVIORAL AND SOCIAL CASES
TEACHING CASES
2.1. Microsoft 365 Phishing Case
Roydon Dominic Correya and Tushar Ashok Sagathia
2.2. Internet of Things Security: Trend Micro Experiment
Roydon Dominic Correya and Tushar Ashok Sagathia
2.3. 2014 Cyber-attack on eBay Case Study Analysis
Areeb Amanulla and Saadik Niyaz
2.4. Internal Revenue Service Scams
Nishanth Chakkere Ramesh and Ying-Pin Lan
2.5. International Student Scams
Nishanth Chakkere Ramesh and Ying-Pin Lan
2.6. Security and Privacy Risk with Social Robotics
Satish Prabhu and Abhishek Kumar
2.7. Financial Fraud (IS System Controls) at NCL Ltd
Satish Prabhu and Abhishek Kumar
2.8. When You Can’t Believe What You See or Hear
Anjali Krishnan and Shameer Thottoli
2.9. Robots: Attack Vectors and Safeguards
Alisha Gilbert and Zhigang Gong
2.10. Ransomware: Hollywood Presbyterian Medical Center
Tridhawan Choudhary and Priyanka Jagre
2.11. Fast Food Phishing: Cyber Espionage
Alastair Blackett and Cherie Chun Mei Mak
2.12. Workplace Robots
Alastair Blackett and Cherie Chun Mei Mak
RESEARCH CASES
2.13. Facial Recognition: Legal, Ethical, and Cultural Concerns
Yuchen Lin, Zhehen Zheng, and Yang Zhou
2.14. Aadhaar: The National Identity System of India
Anjali Krishnan and Shameer Thottoli
SECTION 3. PROCESS CASES
TEACHING CASES
3.1. NHS: COVID-19 Research Ethics and Governance
Roydon Dominic Correya and Tushar Ashok Sagathia
3.2. Marriot Data Breach: A Case Study Analysis
Areeb Amanulla and Saadik Niyaz
3.3. ChoicePoint
Huixin Zhang and Zuejie Tai
3.4. TJX
Huixin Zhang and Xuejie Tai
3.5. Case Study: A Data Breach on Flipboard
Joe Mani Kuttikatt and Rion Jovial Luis
3.6. What Happens in Vegas: Breach of Data Confidentiality
Satish Prabhu and Abhishek Kumar
3.7. PIH Health Phishing
Anjali Krishnan and Shameer Thottoli
3.8. Biometric Protection and Security: A Case Study on Clearview AI
Juliet Samandari and Amelia Samandari
3.9. Zoombombing: A Business Process Perspective
Alisha Gilbert and Zhigang Gong
3.10. Security in the Healthcare Sector
Alisha Gilbert and Zhigang Gong
3.11. eBay Hack
Tridhawan Choudhary and Priyanka Jagre
3.12. Using AI to Maintain Security of Healthcare Systems
Alastair Blackett and Cherie Chun Mei Mak
RESEARCH CASES
3.13. Digital Identity Theft Using Deepfakes
Alisha Gilbert and Zhigang Gong
Index
Biography
Steven Wingreen is an Associate Professor of Information Systems and Decision Sciences at the University of Canterbury in Christchurch, New Zealand. Prior to his academic career, he was a manager of networks and telecommunications whose responsibilities included network security. He has taught IT security and risk management over the span of his 23-year teaching career at multiple universities, both as a component of more comprehensive courses and as its own course. His current research agenda on the topic of emerging technologies in 21st century commerce includes a project with multiple papers about information privacy, trust, and ethical concerns in the context of advanced emerging technologies.
