You are the CISO at SodaCo, an American multinational food and beverage company headquartered in Maryland.
SodaCo’s most famous product is Brew Dew®, the seventh largest carbonated beverage in North America with revenues of over $200,000,000 per year. Brew Dew was originally created and developed by Tom Dew in 1899 and called “Tom’s Dew.” In 1930, “Tom’s Dew” was purchased by SodaCo and rebranded “BrewDew,” and has been known as Brew Dew ever since. BrewDew® is a registered trademark belonging to SodaCo, and Forbes recently named BrewDew the third most recognizable trademark in North America. Brew Dew also includes a symbol on all of its products, which is a picture of mountains with the slogan “Take the Dew!” Both the symbol and slogan are also registered trademarks of SodaCo.
Take the Dew!
SodaCo has used this symbol and slogan since 1990 and has been criticized by foodies as a “boring” company.
While Brew Dew® has been the flagship product for SodaCo for almost 90 years, the beverage industry is cutthroat and SodaCo is constantly looking for the next big thing. SodaCo has been secretly working on two projects that it believes is key to long-term growth—the development of a new, cutting edge slogan and a new carbonated beverage. Recently, a well-known food blogger posted that a hacking group known as Food For Life had hacked into SodaCo’s computer systems. Food For Life revealed that SodaCo is going to launch a new slogan “Just Do it to Dew it!” in June 2017, and a new beverage “Mountain High” in 2018. SodaCo has been using personal information from customers as part of its development of both the new slogan and new beverage. For example, through online surveys of customers with online accounts at SodaCo.com, SodaCo has found that 78 percent of Brew Dew drinkers love motivational slogans, which was the impetus for “Just Do it or Dew it!”
Food For Life also ridiculed SodaCo’s security, stating that it was easy to find out this information because updates about both projects were available to every employee in the organization.
1. The CEO is very concerned about Food For Life’s hack into SodaCo’s systems and she has ordered you to conduct a full forensic investigation to identify the root cause of the incident. Ever since the blogger disclosed the hack, the CEO has been facing extensive scrutiny from the Board of Directors. The CEO has asked you to send her an e-mail with your incident response strategy, preferably outlined in bullet point format so she could use the e-mail as talking points for updating the Board of Directors. The CEO is essentially asking you to outline the objectives of your forensic investigation and the steps you plan to take. As you know by now, the CEO is very busy and she doesn’t like e-mails longer than 300 words. Keep your response to 300 words or less.
2. The CEO has asked you to describe in 300 words or less what, if any, crime Food For Life has committed and what steps could be taken to ensure that any forensic evidence collected can be admissible in court.
* * *
For Question 3 and Question 4, assume that several months have past since Food For Life hacked into SodaCo. SodaCo has now decided to launch its new product, Mountain High. As part of the product launch, SodaCo released a web clip of a young lawyer drinking Mountain High and acting silly. SodaCo’s tag line for the clip was “real people getting Mountain High.” One of the lawyer’s clients is the trade association “Companies Against Stupid Advertisements,” and after seeing the clip, the trade association fired the lawyer. The lawyer never signed a publicity waiver with SodaCo.
3. Please send the CEO a 300 word or less e-mail that summarizes potential legal issues that SodaCo might face as a result of the web clip.
4. A website that reviews new beverage products has allowed consumers to post reviews of Mountain High. The reviews have generally been negative, with one consumer stating that SodaCo is “filled with a bunch of murderers and thieves,” who stole the formula for Mountain High and had the inventor killed. While the CEO knows the allegations are ridiculous, she asked you to summarize in 300 words or less whether SodaCo can hold the website legally liable for the website post.