Policy Compliance Among Institutions
Information Breach in Equifax Corporation.
Compliance refers to ensuring that the business and its personnel obey all relevant provisions. This policy memo reviews an organizational compliance issue and offers an update to the policy. For information security in organizations, several procedures are developed, and each institution is obliged to follow them strictly so that the private data it holds is secured against attackers. However, many organizations fail to comply with such policies, and this costs them dearly. An example of a policy compliance failure is Equifax’s data breach in 2017.
The Summary of The Issue
Equifax’s data breach happened in July 2017 at the United States credit bureau Equifax. The hack exposed the personal information of one hundred and fifty million American individuals, fifteen million British nationals, and around 19,000 individuals from Canada, making it one of the largest cybercrimes involving fraudulent activity (Zou et al., 2018). The US government accused Chinese individuals of breaking into Equifax and collecting confidential information as part of an enormous theft that also involved the theft of company secrets. Equifax’s breach was mainly caused by a known vulnerability in third-party software for which a fix had already been released, but which Equifax had failed to apply to its systems. Equifax used Apache Struts as one of the foundations of the web services that handle customer credit complaints. After the vulnerability was discovered, a major security update for Apache Struts was issued on 7 March 2017, and all users of the framework were advised to upgrade immediately.
Possible Solutions and Their Explanations
This attack could have been prevented, since Equifax failed to implement the established policies for preventing a data breach. There are three solutions to this incident. The first is a three-pronged approach. Its main advantage is that it helps the company protect its corporate systems and remediate the vulnerabilities that enabled the previous attack, preventing further incidents. Lastly, the practice helps notify the appropriate parties (Marcus, 2018). The second solution is reviewing the corporate website. In Equifax’s case, the attack came through its web-facing systems; therefore, checking corporate websites and servers for any compromising material and removing it promptly will prevent attackers from regaining access (Zou et al., 2018). The third solution is developing an appropriate plan. After a data breach, organizations need to devise a thorough and reasonable communications strategy for all concerned parties, including enforcement agencies, other enterprises, and people, including workers, shareholders, and associates.
Figure: An example of a system protection strategy.
Implications and Benefits of The Policy
These solutions imply that when a system is hacked, the right response is to explain what happened, how it is being fixed, and what affected individuals can do to safeguard themselves from possible harm. If this policy is followed correctly, the probability of such incidents recurring is minimal. Confidential data should never be shared. Any company that can preserve secrets helps establish trust among all participants, including consumers, who understand that their information is protected, and thus retains its corporate reputation (Talesh, 2018).
Figure: Illustration of a data monitoring mechanism in an organization.
Equifax failed to comply with its legal obligation to secure customers’ data by leaving vulnerabilities in place and overlooking the warnings. Equifax was overconfident in the system’s ability to withstand catastrophic faults or attacks. Because of this mistaken confidence, the company did not implement any additional checks or redundancy. Therefore, as a technology firm, the organization did not fully comply with information technology policies. If the data security policy proposed in this memo is adopted and organizations comply with it, there will be few incidents of system hacking across organizations. This policy memo is structured into five segments: the summary of the problem, the recommended solutions, the explanations of those solutions, the implications of the recommended policy, and the conclusion.
Marcus, D. J. (2018). The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information. Duke Law Journal, 68, 555.
Talesh, S. A. (2018). Data breach, privacy, and cyber insurance: How insurance companies act as “compliance managers” for businesses. Law & Social Inquiry, 43(2), 417-440.
Zou, Y., Mhaidli, A. H., McCall, A., & Schaub, F. (2018). “I’ve Got Nothing to Lose”: Consumers’ Risk Perceptions and Protective Actions after the Equifax Data Breach. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) (pp. 197-216).