Milestone One

School

Southern New Hampshire University

Course

IT-549-Q15

Subject

Information Systems

Date

Jan 9, 2024

Milestone One
Corey MacFadden
Southern New Hampshire University
IT 549: Foundation in Info Assurance
Peter Mylonakos
12/17/2023
Milestone One

The Equifax data breach of 2017 is considered one of the most significant cybersecurity incidents, affecting over 140 million people worldwide, including about 40% of US citizens (Fruhlinger, 2023). The breach began in May and continued until July 2017, and Equifax did not publicly disclose it until September 2017. It involved unauthorized access to Equifax's systems, resulting in the exposure of sensitive personal information including Social Security numbers, birth dates, addresses, and, in some cases, credit card information. The breach occurred because of Equifax's poor cybersecurity practices, such as inadequate controls, unchecked vulnerability management, and insufficient detection and response capabilities, which reflect a poorly crafted information assurance plan and poor cybersecurity buy-in from stakeholders.

Goals and Objectives

The goal of this Information Assurance Plan, as with any, is to prevent Equifax from having another large-scale breach and to mitigate the risks that come with being one of the largest credit agencies in the world. The objective is to create an Information Assurance (IA) plan to properly secure Equifax's information by adhering to the CIA triad. This can be achieved by creating policies and processes and by implementing the proper controls that prevent or mitigate the risk of vulnerabilities being exploited.

Equifax's breach in 2017 exemplified the critical importance of the CIA triad. The compromise led to the unauthorized access and disclosure of sensitive personal information, representing a failure in maintaining confidentiality. The integrity of Equifax's data was also compromised, as the threat actor(s) could potentially perform unauthorized alterations. The breach also impacted the availability of Equifax's services, affecting their ability to provide timely and reliable credit reporting.
Implementing an Information Assurance plan around confidentiality, integrity, and availability could have mitigated these risks, protected Equifax's reputation, and demonstrated a commitment to customer trust.

Creating and maintaining an Information Assurance plan for Equifax will offer several benefits. First, it will help mitigate risks by identifying and addressing potential threats to information assets. It also facilitates compliance with industry regulations and standards, ensuring legal adherence. Effective IA planning contributes to reputation management by demonstrating a commitment to safeguarding sensitive information, thus fostering customer trust. Operational continuity is another advantage, as a well-structured plan ensures that business operations can persist even in the face of unexpected events. In essence, Information Assurance planning is integral to an organization's overall security posture and resilience in the ever-evolving landscape of information threats.

Confidentiality, Integrity, and Availability

In 2017, the Equifax data breach had a damaging impact on the confidentiality, integrity, and availability of information within the organization. The compromise of sensitive data, including Social Security numbers and financial information, is a breach of confidentiality. The unauthorized access may have led to potential alterations, raising concerns about the integrity of Equifax's data. Disruptions in normal system functioning also affected the availability of information, impacting the timely provision of credit reporting services.

Current protocols and policies

Equifax's information security protocols and policies in 2017 imply the existence of foundational measures such as access controls and encryption standards. However, the substantial breach showed deficiencies in the implementation or enforcement of these policies, pointing to lapses in monitoring, outdated security measures, or oversights in identifying and mitigating vulnerabilities. Additionally, deficiencies in employee training and awareness programs could have contributed to potential vulnerabilities, highlighting the need for a more comprehensive and well-enforced information assurance strategy.

Some barriers to implementing a new information assurance plan encompass organizational challenges, such as resistance to change and resource constraints. Resistance may emerge from employees and management reluctant to adapt to new practices perceived as disruptive. Resource constraints, both in terms of finances and personnel, could limit the organization's ability to invest in advanced security technologies or hire skilled professionals for effective implementation.
References

Fruhlinger, J. (2023). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO Online. https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html

Robinson, T. (2021, June 26). What's really changed three years after Equifax breach? SC Media. https://www.scmagazine.com/news/content/whats-really-changed-three-years-after-equifax-breach

Barret, E. (2023). A hack at Equifax exposed the data of 147 million people. Here's what businesses can learn from the company's response. Retrieved August 20, 2023, from https://www.aol.com/finance/hack-equifax-exposed-data-147-141338466.html

Electronic Privacy Information Center. (n.d.). EPIC - Equifax data breach. https://archive.epic.org/privacy/data-breach/equifax/