Question


On September 7, 2017, Equifax announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Cyber criminals have accessed sensitive information -- including names, social security numbers, birth dates, addresses, and the number of some driver's licenses.

Use the GAO Risk Assessment Methodology 3, pages 34-38, to document the vulnerabilities to Equifax and identify the recommended countermeasures / security controls to protect customer PII.

Include detailed information explaining how these security controls can reduce risk.

https://www.gao.gov/assets/690/681342.pdf

Solutions

Expert Solution

An Apache Struts vulnerability led to the data breach that began in May 2017. The Subcommittee initiated an investigation into the circumstances surrounding the Equifax cybersecurity breach, which was announced on September 7, 2017.

Based on this investigation, the Subcommittee concludes that Equifax’s response to the March 2017 cybersecurity vulnerability that facilitated the breach was inadequate and hampered by Equifax’s neglect of cybersecurity.

Recommendations

Congress should pass legislation that establishes a national uniform standard requiring private entities that collect and store PII to take reasonable and appropriate steps to prevent cyberattacks and data breaches.

Congress should pass legislation requiring private entities that suffer a data breach to notify affected consumers, law enforcement, and the appropriate federal regulatory agency without unreasonable delay.

Congress should explore the need for additional federal efforts to share information with private companies about cybersecurity threats and disseminate cybersecurity best practices that IT asset owners can adopt.

Federal agencies with a role in ensuring private entities take steps to prevent cyberattacks and data breaches and protect PII should examine their authorities and report to Congress with any recommendations to improve the effectiveness of their efforts.

Private entities should re-examine their data retention policies to ensure these policies properly preserve relevant documents in the event of a cyberattack.
