DB#7

.docx

School

CUNY John Jay College of Criminal Justice *

*We aren’t endorsed by this school

Course

377

Subject

Information Systems

Date

Apr 3, 2024

Type

docx

Pages

2

Uploaded by EarlRamPerson504

1. How did the organization identify that there was a security problem? Equifax identified the security problem through investigative efforts led by the FBI's Atlanta Field Office. According to the article, it was mentioned, "To uncover the actors behind the Equifax theft, a broad and multinational investigative team led by the FBI’s Atlanta Field Office tracked the crime’s digital breadcrumbs back to the four co-conspirators..." (n.a., 2020). This suggests that external investigation by law enforcement agencies was crucial in identifying the security breach. 2. What was determined to be the cause of the breach? The cause of the breach was attributed to a vulnerability in the dispute resolution website within the Equifax system, which was exploited by the hackers. The article states, "According to the indictment, Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei exploited a vulnerability in the dispute resolution website within the Equifax system" (n.a., 2020). 3. What initial actions were taken to deal with the situation? Following the identification of the breach, the U.S. Department of Justice announced charges against the perpetrators, which signifies the initiation of legal proceedings. The article mentions, "Today, the U.S. Department of Justice announced charges against four Chinese military-backed hackers in connection with carrying out the 2017 cyberattack against Equifax..." (n.a., 2020). 4. Were any new security tools, technologies, or policies eventually implemented to safeguard their systems? Equifax likely implemented new security tools, technologies, or policies following the breach to enhance their system's security. This is a common response for organizations after experiencing a security incident of such magnitude. Measures such as implementing advanced intrusion detection systems, strengthening access controls, enhancing encryption protocols, conducting regular security audits, and increasing employee training on cybersecurity best practices are typical actions taken to bolster security post-breach. Additionally, Equifax may have revamped their incident response and crisis management protocols to ensure a more efficient and effective response in the event of future security incidents. 5. What was the business impact? The breach had a significant business impact, as it led to the largest known theft of personally identifiable information ever carried out by state-sponsored actors. Additionally, it was stated, "U.S. Attorney General William Barr said the Equifax intrusion is among other efforts by the Chinese government to steal the personal data of Americans" (n.a., 2020). This suggests a broader implication on national security and consumer trust. 6. Generally speaking, in your opinion, how can a business determine the value of investing in security and control? Investing in security and control is crucial for businesses to safeguard their assets, maintain customer trust, and mitigate financial and reputational risks associated with data breaches. The Equifax breach serves as a poignant example of the potential consequences of inadequate security measures. Businesses can determine the value of investing in security and control by conducting thorough risk
assessments, evaluating potential costs of breaches, considering regulatory requirements, and recognizing the long-term benefits of maintaining a secure environment for data and operations. Additionally, proactive investment in security measures can demonstrate commitment to protecting stakeholders' interests and enhance competitiveness in the marketplace.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help