Yahoo
School: University of Wisconsin, Stout
Course: 6035
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 1
Uploaded by KidArt9882
Case Study
1. Given this breach affected so many people, do you think that Yahoo! experienced enough of a loss as a result? Should the fines have been greater? Do you think fines are even effective?

a. I believe the fines should have been greater purely on the grounds that Yahoo! made consistent efforts to cover up the breach. Reading more into the breach, it seems to be the first of its kind where a company actively tried to cover up a breach, and thus the SEC and DOJ did not have a precedent to base their fines and charges off of. It seems Yahoo! also suffered great losses in the public eye, but I still feel like this does not make up for the fact that basically their entire user base – 3 billion accounts – had been affected in some way or another by this breach. I think that if Yahoo! had done the right thing and disclosed the breach from the start, their losses would’ve been far less and they would’ve maintained a good image in the public eye.

2. Do you think Yahoo! intentionally tried to cover up the breach? Why or why not?
a. Yes. From all the sources that were provided, one can see that Yahoo! intentionally tried to both downplay and cover up the breach. Both senior management and legal teams were advised of the breach at the time of the incident, and they were made aware of the number of compromised accounts. Yet the decision (or lack thereof) was made to only notify 26 out of the 500 million users of the breach. The breach was not fully disclosed until 2 years later in an acquisition negotiation, where again Yahoo! attempted to mislead Verizon, stating the company only suffered 4 minor breaches. Thus, based on what’s provided, I think it’s quite clear that Yahoo! intentionally tried to cover the incident up.

3. What do you think about Yahoo!'s original choice to not require users to reset their passwords?
a. I think this poor decision further exemplifies the need for a good CISO, and maybe a BISO, in these large companies. As a CISO/BISO of a large company, it’s your job to convince and educate upper management on the importance of good security practices; thus I find the decision to not require password changes a failure of the CISO and their role in educating upper management. I also think this just made their public image worse. If I were a consumer of Yahoo! and I saw that they didn’t require password changes after a breach, I would stop using their services and move to a more secure company.