response 2 655

100 word response 1 reference due 1/13/2023

Okkashe

In March 2017, one of the largest credit reporting companies, Equifax, was impacted by a data breach. Hackers infiltrated the systems and transferred millions of personally identifiable information (PII) records and credit card account numbers. The data breach affected approximately 143 million US citizens. In addition, the breach cost the company billions of dollars in losses, a loss of public trust, and a permanent effect on its reputation.

How did the breach take place? Hackers exploited a vulnerability in the company's consumer complaint portal. Eventually, they were able to infiltrate other systems and servers, connect to the database, extract the data, and transfer terabytes of data without any detection.

The failure to patch a known vulnerability on a public website exposed the entire internal systems to hackers. Furthermore, the failure to create multiple security layers between systems allowed direct access to the data. In addition, failure to renew the encryption certification allowed the hackers to read and export the data without decryption. Finally, their lack of monitoring allowed the hackers to transfer vast amounts of data without any detection.

Failure of system security governance failed several principles, such as:

1. Failure of proper assignments of roles and responsibilities.

2. Ineffective assignments of ownership of information assets.

3. Poor and ineffective testing controls.

4. Absence of system/network monitoring.

Negligence in patching a known vulnerability could have been prevented by having additional personnel oversee, verify, and validate that the patch was updated. Usually, patches are applied to the test system, pass quality control, are documented, and are applied to production operations. The oversight on renewing the encryption certificate could have been prevented if control processes and ownership were implemented and documented, while monitoring of network traffic should have detected the volume of data moving outside the internal network.
