Presentation is loading. Please wait.

Presentation is loading. Please wait.

The ChoicePoint Attack – Case Study. Team F Susan Crowley Nafisah Hunter Beata Kolodziej Ingrid Macias Toni Steiner Maria Velasco.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The ChoicePoint Attack – Case Study. Team F Susan Crowley Nafisah Hunter Beata Kolodziej Ingrid Macias Toni Steiner Maria Velasco."— Presentation transcript:

1 The ChoicePoint Attack – Case Study

2 Team F Susan Crowley Nafisah Hunter Beata Kolodziej Ingrid Macias Toni Steiner Maria Velasco

3 Toni

4 ChoicePoint exposed itself to considerable expense, problems and possible loss of brand confidence. What are the ethical issues? What is ChoicePoint’s response? Did ChoicePoint choose wisely?

5 Full disclosure o Legal  California Security Breach Notice Law  Security Freeze Law  www.annualcreditreport.com. www.annualcreditreport.com  www.consumersunion.org/campaigns/Breach_laws_Ma y05.pdf www.consumersunion.org/campaigns/Breach_law  www.consumer.gov/idtheft.com www.consumer.gov/idtheft.com  ww.privacyrights.org

6 Consider the question from the viewpoint of o Customers  The customers had a right to know that their information had been compromised.  It was the morally right thing for ChoicePoint to do. o Law enforcement personnel  Law enforcement personnel needed to know so that they could conduct their own investigation and possibly catch the criminals. o Investors  The price of their stock would decline when the news would be disclosed, but long term it would help that ChoicePoint did not hide the facts.

7 Management o Senior Mgmt must make prudent decisions in light of available information. o They must consider the factors and take cost- effective action to reduce probable losses.  Every company must periodically evaluate its security program.

8 A corporation has obligations, not just to its stockholders, but also to all the other constituencies that affect or are affected by its behavior, that is, to all parties that have a stake in what a corporation does or doesn’t do.

9 Corporations have responsibilities beyond simply enhancing their profits because, as a matter of fact, they have such great social and economic power in our society. With that power must come social responsibility.

10 Beata

11 Given ChoicePoint’s experience, what is the likely action of similar companies whose records are compromised in this way? - this crime is an example of a failure of authentication not a network break in, ChoicePoint's firewalls and other safeguards were not harmed; - the likely action that should be taken by the similar companies to avoid such problems in the future could be issuing more authenti- cation methods. Given your answer, do you think federal regulations and additional laws are required?

12 for example: include an username, password, include some sample questions that the answers will be known only to a given individual. - also, evaluating the security program of the given com- pany at a given time; - keeping an eye on the activity of the accounts so every abnormality will be quickly spotted.

13 * Given your answer, do you think federal regulations and additional laws are reguired? - regarding to the fact that there is an increasing level of identity theft in this country even though companies are trying to find security solution for that, there is a definite need for issuing tougher laws that will protect people, when the information about them is stolen, or simply somebody is using that information without their consent. - regulations must be clear that identity theft is a serious crime, and there is a punishment for those who do this.

14 What other steps could be taken to ensure that data vendors notify people harmed by data theft? - security needs to be applied closely to the information it is protecting to be effective - make the information less available for "third parties" google documents - ensuring that protection cannot be arbitrarily removed by end-users or system administrator. - controlling access and usage privilegies

15 Ingrid

16 Visit http://choicepoint.comhttp://choicepoint.com Summarize the products that ChoicePoint provides. What seems to be the central theme of this business?

17 Business and Non-Profit Solution LexisNexis® Risk Solutions delivers comprehensive credentialing, background screening, authentication, direct marketing and public records services to businesses and nonprofit organizations.

18 Government Solutions LexisNexis® Risk Solutions provides information, analysis and distribution solutions to advance the efforts of law enforcement, public safety, health care, child support enforcement, entitlement and other public agencies.

19 Central theme The LexisNexis Risk Solutions delivers actionable intelligence to help clients make critical business decisions with confidence and speed. Their solutions are designed to serve the multi- billion dollar risk information industry, which includes professionals and organizations in areas such as insurance, law enforcement.............

20 Nafisah

21 Review the security policy material in this chapter and reflect on an appropriate program policy for ChoicePoint. Describe why ChoicePoint needs a security policy. Who and what should be governed by such a policy?

22 Consider not only employees, but also o Data subjects o Customers o Data sources o & Partners

23 Why ChoicePoint Needs a Security Policy? In order to meet its business mission which is to provide risk-management and fraud-prevention data. ChoicePoint's most important asset is information. Data sources must feel confident that ChoicePoint can ensure the confidentiality, integrity and availability of this asset. Security should be integrated into ChoicePoint's business processes to protect information and assets that support its business.

24 Goal of Security Program To protect information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Assets to be protected are computer facilities, programs, and sensitive data. This policy will ensure the enforcement of security programs and policies. The Office of the Chief Information Officer will be responsible for managing security programs and policies.

25 Who will be governed by the security policy? Employees Customers Data Sources (public & private) Partners (City of Denver's Vital Records Dept) Data Subjects (those on whom data is maintained)

26 Human Safeguards ChoicePoint Should Consider Customers would have to enter into contracts that set up security measures that are appropriate to the sensitivity of the data they are supplied. Customers would be subjected to screening / background checks for authenticity of their business. Customers receive security training Provide accounts and passwords for customers (low level security level and temporary access)

27 Susan

28 Suppose that ChoicePoint decides to establish a formal security policy on the issue of inappropriate release of personal data. Summarize the issues that ChoicePoint should address.

29

Download ppt "The ChoicePoint Attack – Case Study. Team F Susan Crowley Nafisah Hunter Beata Kolodziej Ingrid Macias Toni Steiner Maria Velasco."

Similar presentations

Code of Ethics for Professional Accountants

Code of Ethics for Professional Accountants
Confidentiality and HIPAA

Confidentiality and HIPAA
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Chris Gravatt Mallory De Kovessey Tina Vargas Tim Hogenhouser The ChoicePoint Attack.

Chris Gravatt Mallory De Kovessey Tina Vargas Tim Hogenhouser The ChoicePoint Attack.
Texas City Municipal Police Association 2012 Satisfaction Survey.

Texas City Municipal Police Association 2012 Satisfaction Survey.
6-1 Full and Fair Reporting Electronic Presentation by Douglas Cloud Pepperdine University Chapter F6.

6-1 Full and Fair Reporting Electronic Presentation by Douglas Cloud Pepperdine University Chapter F6.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Network security policy: best practices

Network security policy: best practices
Chapter 2 Modern Private Security

Chapter 2 Modern Private Security
Chapter 2 Business Ethics and Social Responsibility Learning Goals 5 1

Chapter 2 Business Ethics and Social Responsibility Learning Goals 5 1
Ethics and Social Responsibility

Ethics and Social Responsibility
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
The ChoicePoint Attack – Case Study

The ChoicePoint Attack – Case Study
Home. Copyright © by The McGraw-Hill Companies, Inc. All rights reserved.Glencoe Accounting The accounting profession requires its members to follow a.

Home. Copyright © by The McGraw-Hill Companies, Inc. All rights reserved.Glencoe Accounting The accounting profession requires its members to follow a.

Similar presentations

Ads by Google