Analysis Of Choicepoint 's Information Security Management Practices

1484 Words6 Pages
1. Some of the weaknesses in ChoicePoint’s Information Security Management practices that likely contributed to their data break are:
• Verification Process
• Access to virtually any data
• Recognition of Fraudulent Activity

Verification Process
While reading this document I realized, if ChoicePoint would have taken adequate measures to verify who their customers were some of the resulting consequences could have been mitigated. Though various checks were put into place to authenticate their customers, identity thieves still managed to circumvent those checks and gain access to ChoicePoint’s data. This issue could have been addressed by enacting more robust security checks to authenticate who the customer really is. By incorporating more methods to authenticate a customer or potential client, ChoicePoint could have greatly reduced the probabililty of an unauthorized person gaining access to ChoicePoint’s data. Also it must be noted, the data breached didn’t take place from a technical avenue but more so from a social engineering. Training and educating employees about social engineering can thwart the success of those attacks.
Access to virtually any data
Another mistake that Choicepoint is responsible is allowing unrestricted access to data. In this scenario, “…customers were able to access virtually any of its data, not just that to which they were supposedly entitled.” (p. 10) The problem here is no mechanisms were put into place to restrict access to data not authorized

More about Analysis Of Choicepoint 's Information Security Management Practices

Get Access