IS - Case Study - Flayton Electronics
IS - Case Study - Flayton Electronics
IS - Case Study - Flayton Electronics
for BFSI
Flayton Electronics
Case Presentation
Akshat Deshmukh
Akhilesh Bajpai
Kunal Chawla
Pranjal Kala
Rahul Phulwani
Shivam Kalra
GROUP 2
Case Analysis
"Boss, I think Someone Stole Our Customer Data"
Problem Statement:
Background
Flayton Electronics discovered a possible breach
in their security.
Privileged customer information may have been
compromised.
Bank informed the firm that credit card
information of several customers had been
leaked.
Possible fraudulent transactions may have taken
place.
CEO of the firm, Bret Flayton is faced with the
challenge of making a tough decision.
The firm is exposed to various risks.
The firm needs to develop a risk management
plan to manage and mitigate potential risks.
Factors Contributing to
The Problem:
Incompetent Management
The company's management team
is unsure of how to handle the
situation and is at risk of making
decisions that could further harm
Lack of Proper the company's Image.
Security Measures
The company did not have
adequate security measures in
place to protect its customer data.
Customers at Risk
The company's customers are at
risk of identifying theft and other
financial crimes as a result of the
data breach.
Insufficient Technology
Requirements
The data breach was discovered
by accident, indicating a lack of
monitoring and detection systems.
What is PCI-DSS?
Assess the damage: The company should assess the extent of the data breach and determine
2
what data has been compromised. This will help the company understand the full scope of the
problem and take appropriate action.
Notify relevant parties: The company should notify relevant parties, such as law enforcement,
3
customers, and regulatory bodies, of the data breach. This will help ensure that the appropriate
authorities are involved and that the company's customers are made aware of the situation.
Implement additional security measures: The company should review and strengthen its
4
security measures to prevent future data breaches. This may involve implementing new security
protocols, updating software and systems, and training employees on data security best
practices.