Starwood preferred guest spg account information
Research Report #1: Data Breach Incident Analysis & Report
UMGC CSIA 300
Course Hero: ZSCANT
15 September 2020
The Information Commissioner's Office (ICO), on behalf of EU Member State data protection authorities and other applicable parties, concluded after an extensive investigation that Marriott International will be fined a total of £99,200,396 for infringements of the General Data Protection Regulation. According to ICO Commissioner Elizabeth Denham, organizations such as Marriott must be held accountable for the sensitive data that they are in control of and should use due diligence during corporate acquisitions to put assessable accountability measures in place to identify personal or sensitive data acquired and ensure it is protected (ICO, 2019). Specifically, according to author Bruce Sussman, the types of data stolen from the database include:
organizations in the hotel industry could face in such a scenario. The following recommendations are accepted industry best-practice solutions, processes, and policies designed to enhance data breach response plans and policies. Adoption of these recommendations will mitigate data breach risks, increase efficiency when responding to breaches, and minimize financial or reputational damages to Padgett-Beale.
People: Training and awareness of company staff is critical to increase the effectiveness of a data breach response plan. If employees are unaware of the plan and policy, they will not follow the guidelines of proper data breach response procedures. Additionally, training will enable staff to be cognizant and vigilant of signs that indicate a data breach is probable. The Padgett-Beale IT department is capable but cannot be everywhere within the company at once. Having educated and aware staff drastically increases the probability of identifying data breaches. At a minimum, it is recommended that quarterly training and awareness sessions be conducted for all company staff members.
Technologies: Using the appropriate technologies can increase the efficiency of the data breach response policy. It is advised that a Network Traffic Analysis (NTA) solution be adopted and utilized. The NTA solution will monitor data in motion on the company network, looking for suspicious abnormalities. Additionally, the use of Endpoint Detection and Response (EDR) will monitor and identify data breaches, alerting IT personnel when risks are found. NTA and EDR will enable the IT department to effectively monitor and identify risks. A data breach must be quickly identified so the appropriate data breach response can be taken. If a breach is not found promptly, the amount of damage caused by the breach will increase (Murphy, 2020).
Summary
Padgett-Beale must address the gaps exposed during the CyberOne Business and Casualty Insurance audit. The benefits of addressing these gaps are twofold. First, the renewal of the
Burke, B. (2019). Guide To Cyber Liability Insurance. Woodruff Sawyer. Retrieved from, https://woodruffsawyer.com/wp-content/uploads/2019/06/40842_Woodruff-Sawyer-Cyber-Buying-Guide_Final.pdf
Clark, P. (2018). Marriott Starwood Data Breach Highlights Silent Cyber Risk in Acquisitions.
Lord, N. (2018). What is the Principle of Least Privilege (POLP)? A Best Practice for Information Security and Compliance. Digital Guardian. Retrieved from,
Sussman, B. (2018). Marriott Starwood Data Breach Details: What Was Taken? Secure World. Retrieved from, https://www.secureworldexpo.com/industry-news/marriott-starwood-data-breach-details-contact-number
TRAVELERS, (n.d.). (2020). Cyber Insurance. Travelers. Retrieved from, https://www.travelers.com/cyber-insurance