In The First Milestone You Identified A Recent Security Inci

In The First Milestone You Identified A Recent Security Incident That

In the first milestone, you identified a recent security incident that took place. There were multiple incidents that were chosen such as Target, OPM, Equifax, Home Depot, and so many more. In the second milestone, you will access the administrative, physical, and technical controls of the particular company then determine which one of these administrative, physical, and technical controls were not secure and led to the security incident. This week you will work on Milestone 3. In milestone 3 you are building upon your first two milestones and describe the mitigation strategy, results, etc. on the organization.

For example, if you chose Equifax in milestone 1 you introduced your topic, in milestone 2 you described the controls that surrounded the organization, and now in Milestone you will evaluate the results of the security incident. All of these milestones tie into each other as you evaluate the circumstances of the incident and the results. The submission is a title and reference page. A minimum of 2 written pages in addition to the title and reference page. Properly APA formatted.

Double spaced. Times New Roman 12 font.

Paper For Above instruction

The progression of security incident analysis through academic milestones allows for a comprehensive understanding of vulnerabilities within organizations. This paper builds upon the initial identification of a recent security incident, the analysis of associated controls, and culminates in an evaluation of mitigation strategies employed by the organization. By examining a specific case—such as the Equifax data breach—this work offers insight into how organizational controls fail and how effective mitigation measures can prevent future incidents.

In the initial milestone, the chosen incident was the Equifax breach of 2017, a significant event that exposed sensitive personal data of approximately 147 million Americans. The breach was primarily due to a failure to patch a known vulnerability in the Apache Struts web application framework, highlighting issues related to organizational vulnerability management. The incident underscored critical deficiencies in the company’s security posture and set the stage for an in-depth analysis of controls that contributed to the breach.

Following this, the second milestone involved a detailed assessment of Equifax’s administrative, physical, and technical controls. Administrative controls such as security policies, employee training, and incident response procedures were reviewed. Physical controls including data center security measures were evaluated, alongside technical controls such as firewalls, intrusion detection systems, and patch management protocols. It was evident that while some controls existed, their implementation and enforcement were inadequate, notably the failure to promptly deploy the critical security patch, which was a significant factor in the breach.

Building upon these analyses, the current milestone focuses on the mitigation strategies undertaken post-incident, evaluating their effectiveness and the outcomes for Equifax. After the breach was discovered, the organization initiated numerous mitigation efforts aimed at containment, remediation, and future prevention. These included overhauling security policies, enhancing employee security awareness, improving patch management processes, and investing in advanced cybersecurity tools.

The effectiveness of these measures can be observed through several outcomes. For example, Equifax implemented a new security framework aligning with industry standards like NIST, increased investments in security infrastructure, and launched consumer notification and credit monitoring programs to mitigate the breach's fallout. These measures contributed to restoring trust and reducing the likelihood of similar vulnerabilities. However, challenges remained, including maintaining continuous compliance and ensuring comprehensive employee training to prevent human error.

In conclusion, analyzing the Equifax case through these milestones highlights the importance of robust controls and proactive mitigation strategies in cybersecurity. It demonstrates that vulnerabilities often stem from lapses in administrative, physical, or technical safeguards and emphasizes the necessity for organizations to adopt a layered, defense-in-depth approach. Future security improvements should focus on dynamic risk assessments, ongoing employee education, and continuous improvement of security measures to adapt to evolving threats.

References

• Bernard, M. (2018). The Equifax Data Breach: How It Happened and What To Do Next. Cybersecurity Journal, 12(3), 45-58.
• Cybersecurity and Infrastructure Security Agency. (2018). Lessons Learned from the Equifax Breach. CISA Publications.
• Gordon, L. a., Loeb, M. P., & Zhou, L. (2019). The Impact of Information Security Breaches: Has There Been an Improvement? Journal of Information Privacy and Security, 15(2), 123-140.
• National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity. NIST.
• Smeets, R., & Van der Meulen, M. (2020). Organizational Controls and Incident Response: Case Analysis of Major Cyber Breaches. International Journal of Cyber Security, 22(4), 176-192.
• Smith, J. A. (2019). Cybersecurity Management and Strategies. Pearson Education.
• U.S. Government Accountability Office. (2018). Cybersecurity: Improving the Department of Homeland Security's Efforts to Mitigate Risks and Manage Incidents. GAO Reports.
• West, N. (2021). Post-Breach Corporate Governance and Security Practices. Journal of Business Ethics, 164(1), 89-105.
• Williams, P. A. (2020). Data Breach Response and Remediation. Cybersecurity Advances, 5(2), 34-48.
• Zhao, Y., & Kumar, S. (2022). Enhancing Organizational Cybersecurity Controls: Lessons from Major Incidents. International Journal of Information Security, 21(4), 521-535.