Weaknesses Of Choicepoint Information Security Management Practices

1431 Words6 Pages
Question 1. What weaknesses in ChoicePoint Information Security Management practices likely contributed to their data breach? Please explain how they contributed and what Choice Point could do to strengthen these areas.

In the ChoicePoint case study,
By the end of 2004, ChoicePoint was running a business in the personal data industry with almost $920 million annual revenues. Beside Acxiom and Lexis-Nexis, ChoicePoint was either first or second in that industry. Although ChoicePoint 's focus was on securing the data, the collected consumers ' personal information, and control the access of companies and individuals to it, ChoicePoint was not hiring any Information Security Management standard which can lead to the weaknesses in ChoicePoint 's Information Security Management practices.
The first weakness on ChoicePoint was on the "credentialing process" which they used to ensure if their clients were legitimate or not. Even though they had all these precautions of using several steps to verify the authenticity of their potential customers who are looking for specific data, some fraudsters found ways to access successfully into their information and hacked the authentication process that they were used. One of the ways that identity thieves used to thwart ChoicePoint 's credentialing process was by using fake documents to prove that their fake businesses existed, and then they got an access to ChoicePoint 's databases.
Noticing that the previous incident was not the first
Open Document