The European project Training Activities to Implement the Data Protection Reform (TAtoDPR) has received funding from the European Union’s Rights, Equality and Citizenship (REC) Programme of the European Union under Grant Agreement No. 769191

The contents of this Journal represent the views of the author only and are his/her sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.



Protecting data from theft

Loughborough University

You are the head of the data breach Investigation department at the major manufacturing company, BigMetal. It has come to your attention that several reports have been stolen. These confidential reports contained the company’s key innovation ideas, which are very important for future products. It is possible that this breach may have occurred due to human error, possibly through the paper reports unwittingly being left on a train, though you cannot be sure of this. Your supervisor has tasked you with investigating the cause of this data breach. If it was accidental, it must be established how the breach occurred from a behavioural perspective. It is your task to determine the underlying reasons as to why the breach occurred, rather than simply what happened at the time to cause it.


1. Engage

Big Idea

Clients’ personal data has been stolen by hackers

Essential Question

How should the employees of BigMetal act to deal with the data breach and avoid such breaches in the future?

Initial resources

A few of these web links may be helpful:

https://www.gutobebb.org.uk/news/computers-left-overnight-risk-cyber-attack

https://www.tripwire.com/state-of-security/security-data-protection/5-innocent-mistakes-that-cause-an-it-security-breach/

https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-breaches/

https://simplicable.com/new/data-breach

https://www.thedatacommander.com/single-post/2017/04/11/Manufacturing-is-2-Target-of-Cyber-Attacks

https://www.youtube.com/watch?v=7i9KoamDmss

Guiding Questions

1. How would you go about investigating the breach?

2. What actions do you think caused the breach?

3. From the perspective of the employee at BigMetal, what do you think caused the breach?

4. How could you stop such a breach from happening in the future?

5. What actions would you need to take to report the incident?

Undertake a ‘situation room’ or ‘briefing room’ exercise with the students. They are your team. Encourage them to brainstorm to develop a list of questions which break the challenge down into its constituent elements and manageable sections and to put these in an order.

---

Use this space to show how you will do this and leave space for the students to complete the questions. This box should be completed as a team by the students.

Reflections

Once the students have done this, encourage them to reflect on how well this exercise worked. How well do the questions reflect the challenge?

How could a similar situation be tackled more effectively in the future?

Use this space to record individual reflections on the process.

Other notes

Any other notes that teachers and students should be aware of when using this challenge.

2. Investigate

Activity Description

Encourage students to map out a process of investigation for answering the questions above.

Resources

List any reading, web or video resources here that you think would be good to ‘get the students going’.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/storage-limitation/

https://www.calyptix.com/hipaa/top-5-causes-of-data-breaches-in-healthcare/

https://www.british-assessment.co.uk/guides/3-causes-security-breaches/

Other resources will include written statements from members of staff and descriptions from employees of how they recorded their passwords.

Searching through the following journals and databases may also help: Behaviour and Information Technology, Information and Management, Science Direct, Scopus, Taylor and Francis, Journal of Business Research and Computers and Security. Using multiple keyword combinations will assist with this.

----

Encourage students to collect and use resources to help them to address the question.

Synthesis

The final product of this exercise should be a PowerPoint presentation to synthesise the students’ findings towards the problem. This should include a title and recommendations page.

Establish a task – e.g. A presentation, report, essay, video, briefing etc that students should produce to synthesise their answer to the questions.

---

Encourage students to summarise their answer.

Reflections

Students to provide a reflection on the process.

Other notes

Any other notes that teachers and students should be aware of when using this challenge.

3. Act

Solution Prototypes

Each group will provide a classroom style briefing to fellow students to explain the process and outcome of their investigations, and to disseminate the implications which flow from this.

This briefing will include information on the following:

(1) The nature and cause of the breach

(2) The implications and how they will be handled

(3) The nature of the investigation, e.g. the measures used to reach the conclusion

(4) Recommendations to the management of BigMetal

The recommendations provided should be based on a behavioural rationale and should aim to improve attitudes to data security and awareness of the implications of data breaches.

(Provide the students with a format for presenting their solutions to the problem. This might be a report template, a real world simulated scenario – e.g. a briefing to a client or senior managers in an organisation).

Solution

Students to provide a solution or options for different solutions in the format suggested above.

Implementation plan

Please provide a plan for the implementation of the project.

Students also to provide a plan for how at least one of the solutions should be delivered.

Evaluate

Please address the following questions:

1. What are the key challenges for your Organisation in implementing the plan you identified?

2. What were the strengths and weaknesses of your overall approach to the challenge?

3. Were there any changes that could be made to the company Policy?

4. What did you learn from this whole process?

Students to develop a journal entry to evaluate the different solutions, and how they might go about the exercise differently in future. Students might also be asked how the exercise itself could be further developed as a pedagogical process.

Other notes

Any other notes that teachers and students should be aware of when using this challenge.

4. Reflection and documentation

Case notes

Your notes and reflections on how this challenge could be developed in the future.

Gather class feedback from students about their experience in attending the class and conducting the exercise.

If you were to run this challenge again with a group of learners, how would you change it?

