Posted: September 10th, 2023

What weaknesses in ChoicePoint Information Security Get research paper samples and course-specific study resources under   homework for you course hero writing service – Manage ment practices likely contributed to their data breach?

Instructions: This is for an Information technology class.

• Use the attached “Case 1” and answer the following questions:

Question 1. What weaknesses in ChoicePoint Information Security Get research paper samples and course-specific study resources under   homework for you course hero writing service – Manage ment practices likely contributed to their data breach? Please explain how they contributed and what Choice Point could do to strengthen these areas.
Question 2. Discuss the pros and cons of two information security management models that would be appropriate for ChoicePoint to implement? Explain the strengths and weaknesses of each model within the context of Choice Point’s business model.
Question 3. Design an information security metrics program that would provide ChoicePoint executives with visibility into the effectiveness of the security program in preventing future data breaches. What information security metrics would you recommend and why?
Question 4. What are the key risk areas that ChoicePoint (and the data broker industry) as a whole need to address to protect its information and to minimize the negative perception (and the resultant likelihood of restrictive laws being passed) of the industry as a whole?
Question 5. To what extent did each of the following three areas (technology, people, process) play in the ChoicePoint data breach? Explain.

• Responses should take into consideration the requirements and needs of the attached “Case 1”.
• Answers should reflect your understanding of Whitman and Mattord book (also attached). You are free to use any other relevant references beyond the prescribed text.

Specifications for the paper
• APA Style
• 5 Pages.
• The general text of the paper, excluding headings and title, should be written with following format specifications
• Font: Times New Roman
• Font Size: 12, regular
• Line spacing: double spaced
• Alignment: left
• Margins (inches): Left: 1.25; Right: 1.25; Top: 1; Bottom: 1
• Do not repeat the questions in the body of the paper just specify the question example: Q5: Response for the question.

Case Analysis 1
Student’s Name
Institutional Affiliation

Case Analysis 1
Question 1.
The information security management programs at ChoicePoint were confirmed to have some limitations and weaknesses. The weaknesses allowed of the easy in which the data was stolen. The right actions must be taken to improve the security management practices within the company. The weaknesses of ChoicePoint information security management practices led to a data breach. One of the weaknesses of the information security control programs is that it did not invest adequately in the company. ChoicePoint did not create improved security programs to reduce security breaches. The victims of identity theft in the company were worried about the issues of a security breach (Whitman & Mattord, 2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). The inability to invest in good security controls allowed for the loss of personal data through the security breach. The company should implement proper controls including technical and operational controls. These controls would be important in promoting long-term security control and management at ChoicePoint.

Another weakness of the security management processes was the inability to involve all the people. The company did not respond to the concerns of the clients. For example, the clients found it difficult to sign up for the free credit monitoring program that helps in giving the clients reprieve. The inability to respond to the security breach concerns within the organization. Clients were worried that ChoicePoint was selling theirpersonal data for monetary gains (Peltier, 2016: 2024 – Do my homework – Help write my assignment online). The little involvement of people exposed the company to high risks of losing information due to the limited resources in managing the security programs.
Going forward, it is recommendable that ChoicePoint should work with diverse personnel and align with the needs of the customers. Such efforts would be useful in reducing the risks and vulnerability of identity theft in responding to data breaches. It was appropriate for ChoicePoint to discontinue the selling of the information to the external parties (Crossler, et al., 2013). However, the action was not appropriate in increasing the confidence of the customers with the company. The company should implement a consumer-drive enforcement approach. Such an action would help in making the clients feel that their information is well protected.
Question 2.
There is two information security management models appropriate for ChoicePoint to implement including the National Institute of Standards and Technology (NIST) security model and COBIT. The NIST model is useful in promoting and maintaining the security standards. The creation of active programs is useful in developing and improving the security standards. The advantages of the NIST framework include the integration of 17 security controls to promote security protection. The 17 controls are organized into three levels to ensure that the security breaches are limited (Crossler, et al., 2013). The levels of controls include the management, operational, and technical controls. The integration of the controls is important in reducing the potential security breach within the organization.
ChoicePoint needed to implement the management controls to ensure that all the employees and managers were devoted to preventing security breaches. The operational controls help ChoicePoint to enhance security controls, which focuses on the implementation and execution of the controls through people. While the technical controls enables to the improvement of security level within the computer system. The advantage of these controls was to improve the linkage of business programs and policies. However, NIST philosophy has disadvantages including limited resources to address the security concerns. ChoicePoint needs to have adequate human and capital resources to implement the NIST model. It is because the NIST model is highly integrated into dealing with the security management issues within the company.
ChoicePoint can also rely on the COBIT approach which is useful in implementing the best controls and organizing the logical models of IT-related programs. COBIT approach is useful in managing the IT well through a maturity model. The security model will help in implementing good practices for control and governance process. ChoicePoint will get the opportunity to align IT with the business processes. To overcome the security breaches, the management of ChoicePoint is useful in promoting the linkage between the business and IT goals (Whitman, & Mattord, 2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). It also emphasizes on the proper metrics and models that could be used to measure the overall outcome and the identification of the employees’ responsibilities. Some of the advantages of COBIT are that it promotes the actual implementation of the security plans by aligning the business goals. Another benefit of COBIT approach is to promote the linkage of the good practice systems within governance requirements and needs.

However, the COBIT approach has some disadvantages includes that it ignores the specific issues such as emerging issues of the security breach concerns such as the social engineering problem in ChoicePoint. The disadvantage should be improved through proper identification of the potential security needs and business requirements. The actual implementation of the COBIT would help in reducing the vulnerabilities of personnel breaches in the organization.
Question 3.
ChoicePoint can benefit from comprehensive information security metrics programs that address the key risks within the organization. The information security metrics approach would help the executives in understanding the effectiveness of the security programs and thus, prevent future data breaches. Incident response rates are the first metric that can be used to promote information security. The incident response rate should be high within the organization to reduce the risks associated with the adverse incidents within the organization. Security rating systems such as BitSight can be used to measure the incident response level within the organization. Longer incident response rate allows the potential hackers opportunity to underlie the information systems at the company.
Last audit and assessments would also be useful in dealing with high risks areas within the organization. The company should implement assessment that deals with the potential cyber security exposures within the organization. It makes it possible to determine the high risks areas and create proper interventions in reducing the level of risks. Patching cadence is another recommendable metric that should be implemented. The metric helps in determining the vulnerabilities within the system (Crossler, et al., 2013). It is usually software dedicated to determining the potential bugs and vulnerabilities. ChoicePoint should increase the usage of patching cadence to reduce the level of vulnerabilities in their data protection system. Therefore, ChoicePoint should adopt and expand on this information security management metrics within the organization.
Question 4.
As a data broker, the key risks areas that Choice Point needs to address to promote the protection of the information and reduce the negative perception is the vulnerable information security processes, insufficient operational programs, and the managerial risks. The industry demands advanced processes in data protection and security management (Whitman & Mattord, 2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). It is important that ChoicePoint should invest in comprehensive information security and management programs. Through such efforts, it becomes possible to avoid any potential hacking or concerns from the clients. The hacking concerns were severe problem limiting the security programs.
Countering the risks of operational limitations and employee dishonesty is useful in dealing with the risks facing ChoicePoint as a data broker. The limited operational programs would help in shaping the long-term performance of the company. The managerial concerns including employee sabotaging of the security process should also be dealt with well (Peltier, 2016: 2024 – Do my homework – Help write my assignment online). The managers did not make significant efforts in improving the data protection processes. ChoicePoint should come up with the right measures in improving the nature and implications of data security. Such efforts would help in operating within the legal provisions and guidelines necessary for all data brokers.
Question 5:
Largely, technology, people, and process play a critical impact on the ChoicePoint data breach. The security breach at ChoicePoint was promoted by individual persons. The technological form of identity theft was used in the stealing of data and information. The case was a determined as a social engineering scam and problem that undermined the security of the varied information and data. Improved technologies were useful in promoting the social engineering programs to protect the business on a technical level. The identity theft indicated the technological vulnerability that undermines the security of the social security numbers.
The involvement of people in the security breach was high. The personal information of 145,000 people was not stolen from the company, but the company sold the private information to bogus businesses (Whitman & Mattord, 2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). The failure of Choice Point to vet their clients was a serious concern as it increased the risks of security vulnerability. The security community was concerned with the inability of CISOs to take their responsibilities in promoting information protection. The company should hire quality persons to limit risks of a security breach. The management of ChoicePoint should have held to verify the credentials well.
The process of selling the information to the business was a serious concern. The company should have conducted a proper investigation on the businesses before giving out their information. The limited process of understanding the security vulnerability and protection of the marketing process to reduce the security breach risks at ChoicePoint. The Federal Trade Commission also determined that the company contravened the federal laws relating to the security of consumer information and other issues. The security protection process at ChoicePoint was weak and manipulated by employees who undermined the process. As a result, technology, process, and people were influential factors in causing serious security breach risks at ChoicePoint.

References
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.
Peltier, T. R. (2016: 2024 – Do my homework – Help write my assignment online). Information security policies, procedures, and standards: guidelines for effective information security management. New York, NY: CRC Press.
Whitman, M., & Mattord, H. (2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). Get research paper samples and course-specific study resources under   homework for you course hero writing service – Manage ment of information security. Boston, MA: Cengage Press

Write My Paper