CIS5205 Management of Information Security Assignment - University of the Sunshine Coast, Australia
Assignment - Security Incident Response Report - Equifax Data Breach
This assignment assesses your understanding in relation to these course objectives:
1. Analyse information security vulnerabilities, attacks and threats and determine appropriate security architecture, design and controls that can be applied to mitigate the potential risks.
2. Describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail.
3. Communicate effectively both written and orally about the management of information security in organisations.
Assignment - Case Study: Equifax Data Breach
You are a senior Cyber Security Consultant at HackStop Pty Ltd commissioned to conduct a critical assessment of the data breach at Equifax and prepare a Security Incident Response Report for Senior Management at Equifax.
Equifax Data Breach: Much has been written (and will continue to be written!) about the Equifax security incident. Labelled the largest corporate data breach in history, it immediately hit the headlines when Equifax gave notice of the breach in early September 2017, and it has continued to garner a lot of attention since.
The breach: Between mid-May and July 2017 hackers accessed data held by Equifax through a publicised vulnerability in a web application, for which there was a well-known patch available. Data involved in the breach included Social Security numbers, birth dates, addresses, some driver's license numbers, and about 209,000 credit card numbers. A hundred and eighty-two thousand "dispute documents," essentially complaint submissions that include personal identifying data, were also compromised in the breach.
Time between detection and notice: Apparently 6 weeks elapsed between the discovery of the breach and Equifax's notification. Was this too long given the gravity of the breach? This will certainly be one of the key issues that will be examined in the coming months.
It may be that Equifax knew about the breach for more than 6 weeks. Visa and MasterCard also sent confidential alerts to financial institutions across the United States, warning them about more than 200,000 credit cards that were stolen in the epic data breach. It was reported that these alerts appeared to suggest that hackers were first able to steal credit card numbers from Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time: when hackers accessed the company's systems in mid-May 2017.
Task 1: Provide an overview of the Equifax Data Breach: (1) what type of organisation Equifax is, (2) when the data breach occurred, and (3) the type of data involved and the extent/scale of the data breach (1000 words).
Task 2: Describe how and why the Equifax data breach occurred, emphasising the failure of technical and governance controls that contributed to this data breach occurring (1000 words).
Task 3: Based on a critical analysis of the Equifax Data Breach, discuss what needs to be done to improve the security of Equifax's computer systems and networks so that a data breach on such a scale never occurs again at Equifax. Present this as a set of well thought out and sensible recommendations that draw on lessons learnt from this data breach, structured as (a) prevention, (b) detection and (c) response, drawing on best security practice and standards (750 words).
Assignment Security Incident Response Report structure:
Cover page
Executive Summary (250 Words)
Table of Contents
Tasks 1-3 as main headings with sub sections/tasks where relevant
References and Appendices