Homework #2 is designed to build familiarity with preventing, detecting, and responding to security incidents. Students will work individually to analyze a well-known incident at Equifax, a credit reporting agency. Each student will submit one Microsoft Word document, uploaded to eLearning.
1. Review the report, Equifax-Report.pdf
2. Provide responses to each of these questions:
a. What is a credit reporting agency? Describe their business model and the positive and negative aspects of that model in relation to the average citizen living in the United States? What are the biggest assets of a credit reporting agency?
b. Summarize the circumstances of the incident described in the report. Describe the sequence of events and failures that resulted in the loss of confidential information assets.
c. Who were the persons most significantly involved in the incident? Explain their roles and responsibilities, as well as your analysis of their behavior. Did each act appropriately?
d. How many customers were impacted by the incident?
e. Why do you think the incident was not reported to impacted victims sooner? Do you agree with the handling of the incident?
f. What do you consider the appropriate protection or compensation to provide to victims impacted by the theft of data from Equifax? If credit report monitoring is offered, how long should that service be provided at no cost to the victim?
g. What do you suggest to be the appropriate role of government in large security events with broad impact across the population?
h. What are 5 improvements that would help Equifax avoid an incident like this in the future? Refer to security controls that you have learned about this semester.
i. Should we, as persons who may appear in credit reporting agency records, have the ability to “opt out” of services?
j. Did you learn anything unexpected by reviewing the Equifax report?
3. Students must include citations of all sources of information considered and reviewed. If other students, working professionals, books, videos, or sources were consulted, links or short descriptions must be included. Submissions including content copied from additional sources, but not including references to such source information, may be considered incomplete and may receive a reduced score.
Always cite sources and indicate with whom you collaborated. There is no room for dishonesty, plagiarism, or cheating. Properly citing sources and collaborations will help students avoid these pitfalls.