Sony Corporation and the Management of Hacker Attacks

Sony Corporation and the Management of Hacker Attacks


Network security is a special field in computer networking which includes making the computer network infrastructure secure.  In most organizations, this field may be typically handled by a network administrator who undertakes the implementation of network software and hardware plus the security required to protect a network. In addition, this field is also mandated to protect the resources accessed through the network from unlawful access by unauthorized people as well as ensuring that the company staff has sufficient access to the network and the resources they require in order to work. A network security system depends on specific layers of protection and constitutes numerous components that include monitoring, as well as security software in addition to hardware and appliances.  All these constituencies function together in increasing the overall security of the computer network.

In the present perspective, network security has become more crucial to all users of personal computers, Organizations and even the military.   As the internet continues to develop, security has become a major concern and its foundations enable a better understanding of the emergency and development of security technology.  The structure of the internet itself has facilitated the occurrence of this security threats.  The internet architecture, if modified, could lower the possibility of attacks that could be sent across these networks.   Understanding the methods employed in security attacks could facilitate the emergency of security.  A lot more organizations may secure themselves from hacking by the use of encryption mechanisms or firewalls (Daya, 2012).


Sony Corporation and Hacker Attacks

In Sony Corporation, hackers attempted to access more than 95,000 user accounts of Sony’s internet service providers. These included the play station network which was massively attacked and resulted into a compromise of more than 100 million accounts in spring. This attack caused a loss of millions of dollars in damages and stirred a public outcry around the world.   Since this attack was manifested in Sony Corporation, the company has continued to experience such attacks in more than 10 times.  Among the targets of these attacks have been,  Sony BMG Greece, Sony Pictures, Sony Thailand, Sony Music Japan, Sony Ericcson Canada, and others (Lee, 2013)

While the attack at Sony’s play station may be regarded as the largest security attack in Sony Corporation, the company’s information system attack has continued owing to its inconsistent security across its networks. In addition, there is also an increase in the number of hackers who are just eager to punish the corporation and portraying their capability to infringing upon the organization’s defense systems (Lee, 2013). The company has come to be contented with the rising media scrutiny, discontented users and policy makers with most people wondering how such a huge organization could allow such a thing to occur.   Following this happening, Sony had apologized consistently to its customers and the general public arguing that the cyber attack was uncontrollable and were focused on stealing credit card numbers. Other experts have observed that the company had not been prepared with regard to putting up its security together and that this attack could be controlled if proper measures were put in place.

In the subsequent part, we examine how application of parts of the Information Systems Audit and Control Association business model might help Sony Corp to be prepared for any further hacker attacks

Information Systems Audit and Control Association business model

ISACA is a worldwide leader in the provision of knowledge, community, certifications, advocacy and education on assurance of information systems, IT enterprise governance, control and security; IT related security risks and compliance. Established in 1969, the association of auditors assists its members and employers in creating trust in and value with regard to their information system. In providing IT security professionals with a comprehensive guide in addressing the processes, people, organizations and technology aspects of information security, ISACA introduced a business model for information security (BMIS).  The business model is used in all enterprises of all sizes and is compatible with other information security frameworks that are already put in place. The model depends on specific technology and could be applied in all industries, countries, legal and other regulatory systems. It encompasses the conventional information privacy and security and provides connections to risk, physical security and compliance (ISACA, 2010).

The (BMIS) model incorporates the system theory and the system thinking principle underpinning the model. In its definition, a system is an organized collection of parts or subsystems which are integrated in achieving a desired objective. These systems have specific inputs under particular processes in producing specific output, together achieving the desired goal for the system. The concept that are crucial to the model are used in enhancing communication between a business unit, and the security firm,  further resulting in enhanced   information protection and better performance of the business unit ( Bertalanffy,1976).

In accordance to the system theory, a system basically constitutes of objects which may be either logical or physical, attributes describing the objects, relations among the objects as well as the environment which these systems are harbored.  In addition to the simple description of the systems, the systems theory perceives the internal process as unique and complex and is depended upon the transparency or lack of it on the system, and subject to their environment for their performance.  The framework for this theory is that, to be correctly understood, a system needs to be perceived as a holistic process and not just a sum of its parts.  A holistic approach evaluates a system as a complete functioning unit. Another principle for this theory is that one part of the system facilitates the understanding of other parts of the system. The aspect of system thinking is currently being identified as referring to the evaluation of how these systems interact, how they work and also why the whole aspect is much more in comparison to the sum of its parts (Bertalanffy, 1976).

In best describing accurately what system theory is, it can be defined as a complex network of events, relations, consequences, reactions, technologies, processes and people interacting in subsequently unseen and unpredictable ways. In studying the behavior and outcome of the interaction process could help the management at Sony Corporation in better understanding the organizational systems and the manner of its functioning; Where as the management of any discipline within an organization could be enhanced by approaching it from a perspective of system thinking, its implementation will certainly help in managing security risks at Sony Corporation.


The positive aspects which this system is poised to bring bode well for the benefits in IT security at this corporation. The consistent dramatic failures of Sony Corporation in effectively addressing security issues which it has experienced in recent years owes  partly to their incapacity at defining what security is and to present it in a manner  that is both logical  and relevant to all stakeholders. Employing the approach of system thinking to the management of information security will assist the information security management at Sony Corporation in addressing complicated and dynamic environments which will in turn result into beneficial effect on collaboration within an organization, adapt to operation modification, navigation of strategic unpredictability and tolerance on the influence of external issues.




Bertalanffy, L. (1976) “General System Theory: Foundations, Development, Applications

 George Braziller, 1976

Daya, B (2012). “Network Security: History, Importance, and Future” Available from

ISACA, (2010). “ISACA Issues New Comprehensive Business Model for Information Security

Available on

Lee, A(2013). “Why Does Sony Keep Getting Hacked?” Available from


Are you looking for a similar paper or any other quality academic essay? Then look no further. Our research paper writing service is what you require. Our team of experienced writers is on standby to deliver to you an original paper as per your specified instructions with zero plagiarism guaranteed. This is the perfect way you can prepare your own unique academic paper and score the grades you deserve.

Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.