Need A++ with APA Format with citations

CASE STUDY

Designer clothing marketer Guess, Incorporated has agreed to settle Federal Trade Commission charges that it didn’t use “reasonable or appropriate measures” to prevent personal consumer information from being accessed at its Web site, Guess.com. An investigation into the stolen personal data found that Guess failed to take measures to mitigate known weaknesses in the software supporting the Web site, and these weaknesses were known to be commonly exploited by hackers. As part of the settlement agreement, Guess will implement comprehensive information security measures for Guess.com and affiliated sites. “Consumers have every right to expect that a business that says it’s keeping personal information secure is doing exactly that,” said Howard Beales, Director of the FTC’s Bureau of Consumer Protection. “It’s not just good business, it’s the law,” he said. Ironically, Guess.com had provided online statements that said customers’ personal information was secure and would be protected. The company’s online claims included, “This site has security measures in place to protect the loss, misuse, and alteration of information under our control,” and “All of your personal information, including your credit card information and sign-in password, are stored in an unreadable, encrypted format at all times.”

According to the FTC complaint, Guess did not maintain personal data in an encrypted form at all times, and the site had been vulnerable to a commonly known SQL injection attack since at least October 2000. In February 2002, a visitor allegedly implemented such an attack and was able to view credit card information in clear text that was stored in Guess’s database.

The Guess settlement prohibits the company from misrepresenting the extent to which it maintains and protects the security of personal information collected from or about consumers. It also requires that Guess establish and maintain a comprehensive information security program. In addition, Guess must have its security program certified as meeting or exceeding the standards in the consent order by an independent professional within a year, and every other year thereafter. The FTC Commission voted to accept the proposed consent agreement, but it has not been finalized into law.

Copies of the complaint and consent agreement are available from the FTC’s Web site at http://www.ftc.gov.

1. Online banners are often used to enhance consumer confidence in making purchases online, but what implications are there if these online claims turn out to be false?

2. How can a company ensure that it takes “reasonable or appropriate measures” to prevent personal consumer information from being accessed for illegitimate purposes?

3. What implications does this case hold for persons involved in information security?
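Questions 2 and 3 ask what "reasonable or appropriate measures" look like in practice. The Python below is an added illustration, not part of the case study or the FTC record: it places the two failings the complaint describes beside their fixes, a lookup built by splicing user input into SQL text (the injection pattern) next to a parameterized lookup, and card numbers stored as keyed, non-reversible tokens rather than in clear text. The table layout, sample customers, function names and key are all constructed, and HMAC tokenization stands in for the "unreadable, encrypted format" the site promised.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data: two fictitious customers with well-known test card numbers.
SAMPLE_CUSTOMERS = [
    ("alice", "4111111111111111"),
    ("bob", "5500000000000004"),
]

# Hypothetical server-side secret. In production it lives in a KMS/HSM, never in source.
TOKEN_KEY = b"demo-key-not-for-production"


def tokenize_pan(pan: str) -> str:
    """Return a keyed, non-reversible stand-in for the card number.

    Used here in place of the encryption the site claimed: a leaked row
    exposes neither the PAN nor anything derivable from it without the key.
    """
    return hmac.new(TOKEN_KEY, pan.encode(), hashlib.sha256).hexdigest()


def build_db() -> sqlite3.Connection:
    """Create an in-memory table holding only the token and last four digits."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (username TEXT, card_token TEXT, card_last4 TEXT)"
    )
    for user, pan in SAMPLE_CUSTOMERS:
        conn.execute(
            "INSERT INTO customers VALUES (?, ?, ?)",
            (user, tokenize_pan(pan), pan[-4:]),
        )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The pattern behind the Guess.com finding: input concatenated into SQL text.

    The value is parsed as part of the statement, so a username containing a
    quote and an OR clause widens the WHERE condition to every row.
    """
    sql = "SELECT username, card_token FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the driver passes the value as data, never as SQL text,
    so no username value can change which rows are selected."""
    sql = "SELECT username, card_token FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()
```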

SOURCE: Federal Trade Commission, http://www.ftc.gov/os/2003/06/guessanalysis.htm.