Question 1. What weaknesses in ChoicePoint Information Security Management practices likely contributed to their data breach? Please explain how they contributed and what Choice Point could do to strengthen these areas.
In the ChoicePoint case study,
By the end of 2004, ChoicePoint was running a business in the personal data industry with almost $920 million annual revenues. Beside Acxiom and Lexis-Nexis, ChoicePoint was either first or second in that industry. Although ChoicePoint 's focus was on securing the data, the collected consumers ' personal information, and control the access of companies and individuals to it, ChoicePoint was not hiring any Information Security Management standard which can lead to the weaknesses in ChoicePoint 's Information Security Management practices.
The first weakness on ChoicePoint was on the "credentialing process" which they used to ensure if their clients were legitimate or not. Even though they had all these precautions of using several steps to verify the authenticity of their potential customers who are looking for specific data, some fraudsters found ways to access successfully into their information and hacked the authentication process that they were used. One of the ways that identity thieves used to thwart ChoicePoint 's credentialing process was by using fake documents to prove that their fake businesses existed, and then they got an access to ChoicePoint 's databases.
Noticing that the previous incident was not the first
Identify at least 3-5 potential information security risks that the lab may be exposed to and propose counter measures for addressing those risks. Identify security technology and products that could be used to protect the lab environment from these risks. Use
P1. Identify the threats and the consequences of a failure in securities that exist to the security of people, property and premises in a public service.
Ensuring the security of organizational and employee information is vital for any organization. Security misfortune can be damaging to the organization and the affected employees. In the case of Huffman Trucking information stored in the database includes names, social security numbers, and personal employee information used for the Benefits Election System. The cost of loss of such information typically results in the same outcome - the loss of financial resources or the harm to one's information. In an effort to
* Discuss three (3) security concerns of corporations in the U.S. Next, analyze the overall manner in which you would use security analysis to identify levels of concern and propose one (1) strategy to mitigate the concerns in question. Provide a rationale to support your response.
The first alternative discussed would have a positive impact on Choicepoint, its customers, and the average citizen. Choicepoint would be correcting its databases at very little cost to the company by using voluntary submissions. This would help its public image and it could say it was giving people every opportunity to make sure information about them was correct. Customers of Choicepoint would have the dual benefit of doing business with a company no longer being
* Discuss three (3) security concerns of corporations in the U.S. Next, analyze the overall manner in which you would use security analysis to identify levels of concern and propose one (1) strategy to mitigate the concerns in question. Provide a rationale to support your response.
Winston Hao, the owner of Datavast Inc., is operating at a loss and needs to find out a way to be profitable this year. Datavast Inc. sells Data Security Boxes to big and small companies in China who are new to the concept of cloud storage. Winston Hao needs to dial in his target market, but the real issue is not enough sales. Hao is certain to segment to try to emphasis deep in order for him to build up his company. One of the issues that affect Datavast would be that either the market is behind in data storage or none at all. It’s also in lack of protection to face bankruptcy. Hao wants to target either small companies
1. What are some of the emerging IT security technologies that should be considered in solving the Problem related to the case?
As technology grows and information has become a critical asset companies currently are devoted their resource and money to protect their data as important as their finance and human resource assets.
ChoicePoint was created in 1997 in Alpharetta, Georgia, as a spinoff company to Equifax, a well-known credit reporting company. Over seven years, information-gathering companies were purchased by ChoicePoint in order to collect data on every American. The data collected ranged from credit reports, criminal history, certificates of birth and death, etc. The targeted buyers varied from banks, debt collectors, law enforcements, and more. By 2004, they profited $1 billion annual revenues by selling the collected reports to the targeted buyers (Boatright, 2011, p.130).
1. When Cheryl Smith, the new CIO, arrived at WestJet she was asked by the CEO to advise whether the company had adequate IT or not. What aspects did she assess? What is your view on the strengths and weaknesses of this assessment? What is your view on her resulting priorities?
There were a number of factors that contributed to the breach, which had they been addressed or had corresponding mitigation responses in place, would have reduced the likelihood that the breach would have taken place, or at a minimum reduce the impact of the attack. These items range from policy related issues, technology implementations, and security management and maintenance. Although I believe a number of these areas were in the process of being addressed, based on the information gathered regarding the details of the incident, it appears that it was still in many areas insufficient and would not have prevented an incident even if there had been more time available to perform the implementations.
Primary reasoning for the data breach could be contributed to the fact that ChoicePoint did not have any clear policy for customer credential enquiry process. As a result frauds could easily create false IDs and have access to the data.
a. Did Altex need a new system? (What are the most critical problems facing Altex at the takeover? what does Ted see as the purpose of a control system? Did Altex meet their objectives?)