ChoicePoint Attack
Q2. Given ChoicePoint’s experience, what is the likely action of similar companies whose records are compromised in this way?

This crime is an example of a failure of authentication, not a network break-in. ChoicePoint’s firewalls and other safeguards were not overcome or harmed. To avoid such problems in the future, the likely action that should be taken by similar companies is to apply more authentication methods.
For example, a system can require a unique user name and determine that the person is legitimate through the input of a correct password. Other authentication mechanisms to prove a legitimate identity are user-selected passwords, system-generated passwords, passphrases, question-and-answer passwords, tokens, and various biometric characteristics. Such methods entail verification of users by matching fingerprints, facial features, irises, or voices.

Given your answer, do you think federal regulation and additional laws are required?
Since the level of identity theft has increased and become serious, it is important to have strong laws that will protect database systems from unauthorized persons. The regulations must be adopted with the newest technologies in mind and must be clearly developed for this crime. Some punishments need to be arranged for those who are convicted of this serious crime.

What other steps could be taken to ensure that data vendors notify people harmed by data theft?

The data theft identified by the various organizations is not uniform.
Some of the steps that can be implemented by organizations are:
• sensitive data should never be removed from a secured worksite without taking precautions such as encrypting files or shredding documents;
• newspaper articles, copies of letters reporting a theft to consumers, notification lists of state agencies, direct entry of incidents by the public, and other web sites as sources for the theft;
• install software that will scan all e-mails before they are sent for numbers that could be SSNs or other personally identifiable information;
• inventory physical information that is to be shipped from one location to another, on both ends. At a minimum, make sure the number of containers is the same;
• institute and repeat mandatory employee computer security training;
• regularly scan web sites and linked files for sensitive information;
• encrypt sensitive information on computers and servers inside the company and on portable devices: laptops, flash drives, and discs;
• do not return hard drives that have been used to store sensitive data before destroying the data using approved software.
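
The e-mail scanning step in the list above can be sketched as follows. This is an added example, not part of the original answer: the function names, the hold/send decision and the sample message are assumptions made for illustration, and the filter applies the published structural rules for SSNs (no 000, 666 or 9xx area, no 00 group, no 0000 serial).

```python
import email
import re
from email import policy

# Candidate: 3-2-4 digits with "-" or " " separators, or nine bare digits.
# The backreference (\2) requires the same separator in both positions, and
# the lookarounds reject longer digit runs such as 10-digit order numbers.
_CANDIDATE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

def is_plausible_ssn(area, group, serial):
    """Structural SSN rules: rejects values that can never be issued."""
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"

def scan_text(text):
    """Return masked findings so the scanner's own log holds no full SSN."""
    findings = []
    for m in _CANDIDATE.finditer(text):
        area, _sep, group, serial = m.groups()
        if is_plausible_ssn(area, group, serial):
            findings.append("***-**-" + serial)
    return findings

def scan_outbound(message_source):
    """Parse a raw message, scan the subject and every text part, and decide."""
    msg = email.message_from_string(message_source, policy=policy.default)
    hits = scan_text(str(msg.get("Subject", "")))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            hits += scan_text(part.get_content())
    # "hold" means queue for human review; bare nine-digit hits can be
    # false positives (account or part numbers), so nothing is dropped.
    return {"action": "hold" if hits else "send", "findings": hits}

# Constructed sample message; every number in it is made up.
SAMPLE = """From: clerk@example.com
To: partner@example.net
Subject: Applicant file 123-45-6789
Content-Type: text/plain; charset="utf-8"

Applicant SSN 219 09 9999, backup copy 123456789.
Test value 000-12-3456 and order number 1234567890 are not SSNs.
Call 555-867-5309 with questions.
"""

if __name__ == "__main__":
    print(scan_outbound(SAMPLE))
```

Attachments that are not text parts (PDFs, spreadsheets, archives) are not inspected by this sketch and would need their own extraction step before the same check is applied.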