2-1 Activity Case Study: First American Financial Data Breach

Title 2-1 Activity Case Study: First American Financial Data Breach
Author Sherline Gustave
Course Computer Systems Security
Institution Southern New Hampshire University

Summary

Case study: in 2019, one of the largest data breaches in history occurred when First American Financial Corporation, a real estate title insurance company....


Description

First name: Sherline Last name: Gustave Class: Computer Systems Security 21EW1 Date: 9/12/2021

2-1 Activity: Case Study: First American Financial Corporation Data Breach

How did this breach occur? Briefly summarize the incident.

Brian Krebs reported that over 885 million sensitive documents were exposed online by insurance giant First American Financial. Those documents, kept on the company website, contained bank statements, mortgage records, account numbers, wire transfer receipts, Social Security numbers and photos of driver’s licenses. Back in 2003, that information was available without protection and could be accessed without a strong password as long as the person knew where to go. The company did not know about the incident until it was notified by an external source. All of the company's sensitive information stored on the website was unprotected, and anybody could access it without any password. In a situation like this, the web page connected to confidential and sensitive information is generated for, and meant to be visible to, a specific person. In that case, anyone who has the link for one document can access all the other documents on the website through that link.

Which pillars of the CIA triad were explicitly violated, given the scenario?

The terrible part of this leak is that it was not the result of a phishing scam or an insecure Amazon bucket. The company seems to have failed to properly secure the unique URLs to these documents: it used a sequential system and allowed anyone to access customers' information simply by entering the correct URL into a web browser. Integrity is violated. The CIA triad refers to confidentiality, integrity, and availability; it is an information security model made up of these three main components. Each of them represents a fundamental objective of an information system.
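The access-control gap described above, as an added example that is not part of the original case study: a document lookup that trusts a sequential number in the URL, beside a version that uses random link tokens and checks the document owner on every request. The document store, function names and status codes are assumptions made for illustration.

```python
import secrets

# Constructed sample data: sequential document numbers, as in the URL
# scheme the case study describes. Owners and contents are made up.
DOCUMENTS = {
    1000: {"owner": "alice", "body": "wire transfer receipt"},
    1001: {"owner": "bob", "body": "mortgage record"},
    1002: {"owner": "carol", "body": "bank statement"},
}


def get_document_weak(doc_number):
    """Weak pattern: the number in the URL is the only thing checked."""
    doc = DOCUMENTS.get(doc_number)
    return (200, doc["body"]) if doc else (404, None)


# Hardened pattern: random link tokens plus a per-request owner check.
LINKS = {}  # link token -> document number


def issue_link(doc_number):
    """Create an unguessable link token for one document."""
    token = secrets.token_urlsafe(32)  # 256 random bits, not sequential
    LINKS[token] = doc_number
    return token


def get_document_hardened(token, session_user):
    """Serve a document only to its authenticated owner."""
    if session_user is None:
        return (401, None)  # no anonymous access at all
    doc = DOCUMENTS.get(LINKS.get(token))
    # Same 404 for "no such link" and "not your document", so the
    # response does not reveal which documents exist.
    if doc is None or doc["owner"] != session_user:
        return (404, None)
    return (200, doc["body"])
```

The random token only makes links hard to guess; the owner check is what keeps a forwarded or leaked link from opening someone else's document.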

There are many steps managers can take to avoid potential breaches. A large amount of information from several sources shows how to prepare for a cyber-attack. Since the reason for and nature of every attack is different, and the composition of each business is different, there is no single prescription for prevention. By putting together information from multiple sources, we can make a list of high-level practices that all organizations should put into practice.

Use simple terms that non-IT executives and users can understand

Policy enforcement and policy awareness are important for creating security inside an organization. Awareness of policies and security should be the priority concern for all organizations. There should be special training for departments that deal with the most sensitive data in the company.

Executive buy-in

To create a strong security policy, support has to come from the top level of the company; security must become a crucial part of the organization's culture.

Fully understand the risks that the organization may face

By knowing the industry and the attacks it may face, what is important to the organization, and how to protect those assets, the security team can promote, support, and create cybersecurity initiatives.

Identify and classify different cyberattacks

Most organizations understand the damage that can occur during an attack as well as the aftermath. Many organizations prefer to ignore the risk, or are willing to accept it, rather than take serious precautions, because of complexity and cost.

Policy enforcement

Policy can be as simple as requiring a strong password, but should ideally go well beyond passwords; security policy should be documented and automated to prevent errors.

Offline backup of critical data

Data is the life of an organization. Many companies take a long time to recover from data loss; some give up on business entirely. A copy of critical data kept outside of the location is one small step that should not be overlooked.

How to respond when a breach happens

Engage law enforcement

A breach should be reported to law enforcement. The ones that should be contacted are the Federal Bureau of Investigation (FBI), the U.S. Secret Service (USSS), U.S. Immigration and Customs Enforcement (ICE), the District Attorney, and state and local law enforcement.

Record the details

The team should write down the actions taken to respond to the breach, as well as the systems that have been affected, disrupted services, data and networks affected by the incident, the amount and type of damage done to the systems, and compromised accounts.

Attempt to limit additional damage

The security team should take steps to keep an attack from spreading, such as filtering or blocking traffic and rerouting network traffic.

Survey the damages

The security team should conduct an internal investigation after the organization recovers from the breach to determine the critical impact on the business. This investigation will help the organization identify the attacker and discover unknown security vulnerabilities, so that it can determine what improvements need to be made to the company’s computer systems....

