Activity 3 John Vincent Bauzon
BSIT3-BLK2
Case study on risk management and vulnerability assessment in cybersecurity:
Background:
In September 2017, credit reporting giant Equifax announced that it had suffered a massive data
breach, exposing the personal information of 147 million people in the United States, as well as
15.2 million in the United Kingdom and 19,000 Canadians. The breach was caused by a
vulnerability in the Apache Struts software used by Equifax's online dispute portal.
Equifax had a patch available for the Apache Struts vulnerability for two months before the
breach occurred, but failed to apply it in a timely manner. This highlights the importance of
integrating risk management into the Software Development Life Cycle (SDLC) and ensuring
that vulnerabilities are identified and addressed in a timely manner.
Equifax's management team was heavily criticized for their handling of the breach, with many
pointing to a lack of accountability and transparency. The company's former CEO, Richard
Smith, was called to testify before Congress and faced tough questions about the company's
security practices and response to the breach.
Equifax's use of vulnerability assessment tools was also questioned following the breach. The
company had reportedly used a scanning tool to identify vulnerabilities, but had failed to detect
the Apache Struts vulnerability. This highlights the importance of using comprehensive
vulnerability assessment tools and ensuring that they are properly configured and maintained.
Mitigation Strategies:
To mitigate the risks associated with data breaches, organizations should consider implementing
a multi-layered security approach that includes:
Documentation:
The final report for this case study should include a detailed analysis of the Equifax data breach,
including the causes, impact, and response efforts. The report should also include
recommendations for improving risk management and vulnerability assessment processes, as
well as strategies for mitigating the risks associated with data breaches.
Presentation Preparation:
The presentation for this case study should include a clear and concise explanation of the
Equifax data breach, including the causes, impact, and response efforts. The presentation should
also include visuals, such as charts and diagrams, to help illustrate the key points.
Presentation Session:
During the presentation session, it is important to clearly explain the key findings of the case
study, including the causes of the breach, the impact on Equifax and its customers, and the
lessons learned from the experience. It is also important to be prepared to answer questions from
the audience and defend the recommendations made in the report.
After the presentation, it is important to engage in a discussion with the class and solicit
feedback on the analysis and mitigation strategies presented. This can help identify potential
weaknesses or gaps in the analysis and provide valuable insights for improving the overall risk
management process.