In the summer of 2017, it was revealed that Equifax, a massive credit reporting bureau managing...
Question:
Transcribed Image Text:
In the summer of 2017, it was revealed that Equifax, a massive credit reporting bureau managing the credit rating and personally-identifying information of most credit-using Americans, had suffered a severe security breach affecting 143 million Americans.⁵ Among the data stolen in the breach were social security and credit card numbers, birthdates, addresses, and information related to credit disputes. The scale and severity of the breach were nearly unprecedented, and to make things worse, Equifax's conduct before and after the announcement of the breach came under severe criticism.
For example, the website created by a PR consulting firm to handle consumer inquiries about the breach was riddled with security flaws, despite requesting customers submit personally-identifying information to check to see if they were affected. The site also told consumers that by using the site to see if they were affected, they were waiving legal rights to sue Equifax for damages related to the breach. The site, which gave many users inconsistent and unclear information about their status in the breach, offered to sell consumers further credit protection services from Equifax, for a fee.
Soon it was learned that Equifax had known of the May 2017 breach for several months before disclosing it. Additionally, the vulnerability the attackers exploited had been discovered by Equifax's software supplier earlier that year; that company provided a patch to all of its customers in March 2017. Thus Equifax had been notified of the vulnerability and given the opportunity to patch its systems, two months before the breach exposed 100 million Americans to identity theft and grievous financial harm.
Later, security researchers investigating the general quality of Equifax's cybersecurity efforts discovered that on at least one of Equifax's systems in Argentina, an unsecured network was allowing logins with the eminently guessable 'admin/admin' combination of username and password, and giving intruders ready access to sensitive data including 14,000 unencrypted employee usernames, passwords, and national ID numbers.
Following the massive breach, two high-ranking Equifax executives charged with information security immediately retired, and the Federal Trade Commission launched an investigation of Equifax for the breach. After learning that three other Equifax executives had sold almost two billion dollars of their company stock before the public announcement of the breach, the Department of Justice opened an investigation into the possibility of insider trading related to the executives' prior knowledge of the breach.
Q1. Of the ten types of ethical challenges for cybersecurity practitioners, which of those types does the Equifax case study potentially involve? Explain your answer. (5 Marks)
Q2. If you were hired to advise another major credit bureau on their information security, in light of the Equifax disaster, what are three questions you might first ask about your client's cybersecurity practices, and their ethical values in relation to cybersecurity? (4 Marks)