Could ISO27001 have prevented the leak of Homeland’s new series?

Source: Movie Markers

Homeland, the American drama-thriller television series, has had the first episode of its new series leaked online.

Winner of 11 Emmy awards this year, the third series of Homeland has been eagerly awaited by fans around the world. So it was much to the disappointment of 20th Century Fox when more than 100,000 users pirated the leaked episode from BitTorrent sites within hours of it being uploaded, a month before its official release.

Although how the episode was leaked is unknown, it is likely to have happened in one of three ways:

1) Human error: Deadline reported that preview copies of the episode were distributed to press at the Television Critics Association. It is possible that an employee accidentally sent a copy to the wrong person, who then decided to upload it to file-sharing sites.

2) Disgruntled employee: A member of staff with access to the files who had a grievance with 20th Century Fox could have maliciously uploaded the copy to a file-sharing website to cause harm to the firm.

3) Hacked: Cyber criminals could have hacked into 20th Century Fox’s systems to expose confidential information to share with the rest of the world. This could have been done with malicious intent, or purely to prove that they could do it. That, or they could have just been hardcore Homeland fans.

Information security should be a top priority for every organisation. One person, or a group of people, can cause significant harm to an organisation in every way possible, whether it be financial, brand damage or loss of customers.

ISO 27001, the international standard that describes best practice for an Information Security Management System (ISMS), focuses on people, processes and technology. It provides specifications that help protect the confidentiality, integrity and availability (CIA) of assets that are important to the company.

If 20th Century Fox were to implement ISO 27001 best practices, they would:

1) Have information security staff training policies in place, as well as secure communication practices, such as the Boldon James email classifier. This would make employees more aware of their organisation’s surroundings and alert to suspicious activity. The email classifier requires users to apply relevant visual labels (classifications) to each email, limiting the margin for error.

2) Make sure employees are given the right level of access to sensitive information that they require to do their job, reducing the likelihood of malicious employee activity.

3) Ensure their systems are secure through penetration (pen) testing and ethical hacking practices. This builds up the company’s defence systems so they are less vulnerable to hackers.

20th Century Fox has said that its anti-piracy unit was addressing the issue, but this is only dealing with the problem after it has occurred.

To reduce the chance of a leak happening to one of their shows again, they need to address the source of the leak, tighten up security and implement ISO 27001.
