2018, the credit rating agency Equifax disclosed a major data breach involving the personal information of nearly 150 million people. Although Equifax's internal policy required patching critical vulnerabilities within 48 hours, a vulnerability was left unpatched for about 2 months. This was the vulnerability that was exploited by hackers to gain access to the system and obtain the personal information. In this exercise, you will analyze the Equifax incident and consider how the RMF could have helped Equifax prevent the incident. Carefully review this report and identify two vulnerabilities from different organizational levels, such as one vulnerability from Level 3 and one vulnerability from Level 1 or 2.
In 2018, the credit rating agency Equifax disclosed a major data breach involving the personal information of nearly 150 million people. Although Equifax's internal policy required patching critical vulnerabilities within 48 hours, a vulnerability was left unpatched for about 2 months. This was the vulnerability that was exploited by hackers to gain access to the system and obtain the personal information. In this exercise, you will analyze the Equifax incident and consider how the RMF could have helped Equifax prevent the incident.
Carefully review this report and identify two vulnerabilities from different organizational levels, such as one vulnerability from Level 3 and one vulnerability from Level 1 or 2.
Now think about the seven steps of the RMF. Summarize how these steps could have helped Equifax prevent or mitigate the vulnerabilities you identified. Identify at least one step for each vulnerability.
Trending now
This is a popular solution!
Step by step
Solved in 2 steps