Choicepoint Attack Case Study

Checkpoint Authorities Novo. 2004 unusual actively to LAP, comply with Authorities Request that Cholesterol keeps it private for now, so as to not cause chaos Jan. 005 allowed to alert the affected customers Grants access for Checkpoint to talk about the committed crimes Feb… 005 established assistance hotlist for affected customers, pays for credit reports and one year of credit-report-monitoring for each affected client Attorneys representing the affected customers initiate a class-action lawsuit for $75,000 for each of the 145,000 affected customers US senate announces their investigation in the matter 2006, State of California employs legislature which holds large penalties for impasses which fail to report crimes of this sort to the appropriate authorities, this legislature has spread to most of the country since then 3. What reactive steps by Checkpoint might have mitigated their losses subsequent to their discovery of the information security breach? Explain/justify your choices. Shutting down their systems when they noticed the unusual activity This would have cut the tie to the fraudsters for the mean time, however would reflect poorly on the company. This would of course require Checkpoint also notifying the appropriate authorities.

Employ more secured and thorough security checkpoints so that having some personal information does not grant access to further personal information of customers If Checkpoint were able to find a way to make it harder for such crimes to occur, by making it harder to get into the account and personal information of their customers, requiring more than Just some documents, but perhaps a password system, or some other sort of checkpoint which would be more secure. Though this is less likely and more farfetched, it may have been possible for Checkpoint to work tit the FBI or whoever the appropriate authority is to catch the criminals. Checkpoint could have continued connections with the fraudsters in order to obtain IP addresses of the criminals, or otherwise aid the investigation through not making the investigation public and not raising awareness of the fact that Checkpoint and the FBI knew that the crimes were being committed. 4. What proactive steps by Checkpoint might deter a recurrence of such an information security breach? Explain/Justify your choices. [table]

Similar to the previous question Employ more thorough and secure checkpoint systems which can take more steps to verify the legitimacy of a connection and an attempt to view personal information in customer accounts This would prevent similar intrusions occurring again, by employing perhaps a password system that is separate to their existing checkpoints, so that personal documents regarding customers aren’t the only thing required to gain access. An alternative would be another type of authentication system aside room a password system which would guarantee authentic and legitimate connections only. Require face-to-face meetings regarding personal information If it is that important for someone to view or edit their personal information on their customer account, then they should be able to make time to make an appointment to see someone in person about it. This would prevent a single fraudster from accessing multiple accounts, and would further the authentication process, preventing illegitimate connections.


I'm Emmie!

Want to get a unique case study on this topic?

Check it out