Choice point case study
Itemize the nature of the information security breach at Checkpoint and how this adversely affected the organization. Be sure to include and indicate both tangible and intangible losses in preparing your response.
[table] Nature of the information security Effects Hacking – customer Information was taken by the users who are not authorized Lawsuit and the customers are not happy Authentication failure The more secured new system of authentication is required Loss of customer trust
Customers do not trust the company anymore, new customers do not appear. Some employees could leave the company Government Investigation A lot of fines and a destroyed reputation 2. What actions were taken by both Checkpoint and the “authorities” to address the crisis, and what is your assessment of each action taken? [table] Actions Assessments Checkpoint contacts LAP Freeze the data first and then contact the police – less harm would have been done LAP Request that Checkpoint does not reveal the activity until the department conducts an investigation.
Had to tell Checkpoint to take action right away LAP Notify Checkpoint that it could get back to those customers whose data has been hacked. Had to say this before Checkpoint contacts the compromised customers That was the decision of the police to let the customers know no earlier than this time, however customers deserved to know earlier Open a hotlist for the compromised consumers Support of the victims, right decision Set up the service: one year credit-report-monitoring The decision is great to cover that what the victims lost and also keep the customers Attorney initiates lawsuit
The customers who became victims of this solution can claim the loss, right decision Senate starts Investigation Could have started earlier, right decision Northing reveals until the investigation is finished Had to reveal before to save the company and its customers’ trust 3. What reactive steps by Checkpoint might have mitigated their losses subsequent to nee r Alcove’s AT ten International security Dreaded? Explain/Justly your sconces.
[table] Mitigation of losses Explanation Difficult recovery If the steps had been taken earlier and in a right way, the problem would not occur.
For example, if they improved the authentication from the first place Immediate/ quick remove of suspected companies The problem would not go this far and the recovery would not be this hard Letting the customers who became victims right away Customers could also take action and could prevent the problem developing further. Also, customer would have had more trust in a company if they saw that the company takes actions right away Have a more regular communication with authorities The actions would have been taken quicker 4. What proactive steps by Checkpoint might deter a recurrence of such an information security breach?
Explain/Justify your choices. [table] Steps Multilevel password system Harder for unauthorized users to access protected information Smart card devices or tokens Harder for unauthorized users to access protected information Split information The access varies for different areas, so it is more difficult to get into the system Advanced security monitoring system Identifying doubtful actions Human verification system The unauthorized users do not have access, the system does not allow them to get the access Biometric security Only authorized users can access data