Equifax Data Breach: Cybersecurity Risk Assessment Report
VerifiedAdded on 2022/08/13
|12
|2705
|16
Report
AI Summary
This report provides a comprehensive analysis of the Equifax data breach, a significant cybersecurity incident that exposed the personal data of millions of Americans. The report begins with an introduction to the breach, detailing the compromised data and its impact. It then delves into the causes, focusing on the vulnerability in Apache Struts and the company's delayed response to the issue. The analysis extends to the benefits of implementing robust risk management strategies, including asset identification, vulnerability assessment, and business continuity planning. The report proposes a solution based on the NIST Cybersecurity Framework, outlining the 'Identify,' 'Protect,' 'Detect,' 'Respond,' and 'Recover' functions to prevent similar breaches in the future. The conclusion summarizes the findings, emphasizing the importance of proactive risk management in safeguarding sensitive data.
Running head: EQUIFAX DATA BREACH
EQUIFAX DATA BREACH
Name of student
Name of university
Author’s note:
EQUIFAX DATA BREACH
Name of student
Name of university
Author’s note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
EQUIFAX DATA BREACH
Table of Contents
Introduction....................................................................................................................2
Discussion......................................................................................................................2
Cause of the breach....................................................................................................2
Benefit of risk management in the organisation........................................................4
Solution of the breach................................................................................................6
Conclusion......................................................................................................................8
References......................................................................................................................9
EQUIFAX DATA BREACH
Table of Contents
Introduction....................................................................................................................2
Discussion......................................................................................................................2
Cause of the breach....................................................................................................2
Benefit of risk management in the organisation........................................................4
Solution of the breach................................................................................................6
Conclusion......................................................................................................................8
References......................................................................................................................9
2
EQUIFAX DATA BREACH
Introduction
Equifax, who are considered to be the largest agency of consumer credit reporting in
USA, made the announcement around September 2017 that there has been a significant
breach in the systems and significantly personal data of almost 148 million Amercians has
been revealed. The data that has been compromised mainly comprised of the home addresses,
names, date of birth, phone numbers as well as the social security numbers. This report
intends to analyse the breach and determine how the implementation of extensive risk
management strategies would have helped the company. The analysis of this breach has been
executed extensively and risk management for the company has been analysed.
Discussion
Cause of the breach
Around September 7, 2017, the company Equifax made an announcement that there
has been a breach in the company and the breach led to the theft of over 143 million US
consumers. The similar announcement also stated that some of the Canadian and the UK
consumers were also affected extensively but no accurate number has been provided by the
company. It has been stated by the company that the significantly unauthorised access
happened around mid-May all through July 2017 [1]. It was determined that alleged hackers
did not extensively contact any data from the core databases of consumer credit reporting of
the company nonetheless from web browser of online dispute portal of US of the company.
The main data that has been breached from the company are the names, the, addresses, social
security numbers the driver’s license numbers as well as birth dates. It was later discovered
that the core vulnerability that had initiated this breach had been the vulnerability Apache
Struts CVE- 2017-5638.
EQUIFAX DATA BREACH
Introduction
Equifax, who are considered to be the largest agency of consumer credit reporting in
USA, made the announcement around September 2017 that there has been a significant
breach in the systems and significantly personal data of almost 148 million Amercians has
been revealed. The data that has been compromised mainly comprised of the home addresses,
names, date of birth, phone numbers as well as the social security numbers. This report
intends to analyse the breach and determine how the implementation of extensive risk
management strategies would have helped the company. The analysis of this breach has been
executed extensively and risk management for the company has been analysed.
Discussion
Cause of the breach
Around September 7, 2017, the company Equifax made an announcement that there
has been a breach in the company and the breach led to the theft of over 143 million US
consumers. The similar announcement also stated that some of the Canadian and the UK
consumers were also affected extensively but no accurate number has been provided by the
company. It has been stated by the company that the significantly unauthorised access
happened around mid-May all through July 2017 [1]. It was determined that alleged hackers
did not extensively contact any data from the core databases of consumer credit reporting of
the company nonetheless from web browser of online dispute portal of US of the company.
The main data that has been breached from the company are the names, the, addresses, social
security numbers the driver’s license numbers as well as birth dates. It was later discovered
that the core vulnerability that had initiated this breach had been the vulnerability Apache
Struts CVE- 2017-5638.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
EQUIFAX DATA BREACH
Struts has been found to be significantly susceptible to the attacks of remote
command injection using the incorrectly parsing of the invalid content-Type HTTP header of
any attackers. This Struts vulnerability mainly permits the commands with being executed
underneath extensive Web server privileges. This is complete isolated command running and
it is dynamically exploited within the wild from any kind of early disclosure. This particular
vulnerability mainly happens due to the fact that Content-type has not been escaped
afterwards the error, and is utilised by the function “LocalisedTextUtil.findText” for
developing the error message. This function would deduce any supplied message as well as
whatever within the ${…} would be extensively treated as the Object Graph Navigation
Library (OGNL) expression and then valued like it. The conditions could be leveraged by the
attacker for executing the OGNL expressions, which would in turn execute the system
commands.
Apache Struts has been considered as the popular framework for the creation of Java
Web applications that are managed by the Apache Software Foundation [2]. This foundation
mainly released the statement that announced the discovery of vulnerability and then issued
the patch around March 7, 2017. That subsequent day, the Department of the Homeland
Security made contact with the company along with Experian, TransUnion for notifying them
regarding this particular vulnerability. Around March 9, 2017 the internal email
announcement had been transferred to the administrators of the Equifax company regarding
the deployment of the Apache patch. The information security department of Equifax ran
several scans on 15th March, 2017 that had been directed towards the direction of identity
systems that has been discovered to be extensively vulnerable to issue of the Apache Struts,
but all these scans were not able to recognise this vulnerability. This particular vulnerability
was not patched until 9th, 2017 when the department of information security of Equifax found
EQUIFAX DATA BREACH
Struts has been found to be significantly susceptible to the attacks of remote
command injection using the incorrectly parsing of the invalid content-Type HTTP header of
any attackers. This Struts vulnerability mainly permits the commands with being executed
underneath extensive Web server privileges. This is complete isolated command running and
it is dynamically exploited within the wild from any kind of early disclosure. This particular
vulnerability mainly happens due to the fact that Content-type has not been escaped
afterwards the error, and is utilised by the function “LocalisedTextUtil.findText” for
developing the error message. This function would deduce any supplied message as well as
whatever within the ${…} would be extensively treated as the Object Graph Navigation
Library (OGNL) expression and then valued like it. The conditions could be leveraged by the
attacker for executing the OGNL expressions, which would in turn execute the system
commands.
Apache Struts has been considered as the popular framework for the creation of Java
Web applications that are managed by the Apache Software Foundation [2]. This foundation
mainly released the statement that announced the discovery of vulnerability and then issued
the patch around March 7, 2017. That subsequent day, the Department of the Homeland
Security made contact with the company along with Experian, TransUnion for notifying them
regarding this particular vulnerability. Around March 9, 2017 the internal email
announcement had been transferred to the administrators of the Equifax company regarding
the deployment of the Apache patch. The information security department of Equifax ran
several scans on 15th March, 2017 that had been directed towards the direction of identity
systems that has been discovered to be extensively vulnerable to issue of the Apache Struts,
but all these scans were not able to recognise this vulnerability. This particular vulnerability
was not patched until 9th, 2017 when the department of information security of Equifax found
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
EQUIFAX DATA BREACH
the doubtful traffic on the network linked with the dispute portal in online platform and then
applied Apache patch.
Around July 30, 2017, the company additional found that the suspicious activities on
the network and then tool this web application immediately offline. After three days,
company hired the cybersecurity firm Mandiant for conducting the forensic investigation of
this breach. This investigation later made the discovery of data of over 2.5 million users in
the USA has been significantly affected by this breach [3]. The company later disclosed in
the similar announcement that over 8000 Canadians were also impacted and later detailed
that forensic investigation associated with the UK consumers has been finished, but they did
not specify the quantity of the UK consumers that were affected. The company later made the
announcement that data of over 693,665 UK has been affected.
Benefit of risk management in the organisation
Asset identification
Asset identification of the organisation has been considered to be extensively
beneficial for the proper management of the critical assets and then manage the proper
working of organisation. Some of the main assets of the Equifax organisation are:
Software: The software asset of the organisation includes the various system software
and the application software. Proper integrity of all the application software has been
considered to be critical for appropriate working of organisation [4].
Information: All the information regarding the several working departments of
organisation has been considered critical for proper development of this company. All the
information has been considered to be organised, collected, stored as well as classified in
proper type.
EQUIFAX DATA BREACH
the doubtful traffic on the network linked with the dispute portal in online platform and then
applied Apache patch.
Around July 30, 2017, the company additional found that the suspicious activities on
the network and then tool this web application immediately offline. After three days,
company hired the cybersecurity firm Mandiant for conducting the forensic investigation of
this breach. This investigation later made the discovery of data of over 2.5 million users in
the USA has been significantly affected by this breach [3]. The company later disclosed in
the similar announcement that over 8000 Canadians were also impacted and later detailed
that forensic investigation associated with the UK consumers has been finished, but they did
not specify the quantity of the UK consumers that were affected. The company later made the
announcement that data of over 693,665 UK has been affected.
Benefit of risk management in the organisation
Asset identification
Asset identification of the organisation has been considered to be extensively
beneficial for the proper management of the critical assets and then manage the proper
working of organisation. Some of the main assets of the Equifax organisation are:
Software: The software asset of the organisation includes the various system software
and the application software. Proper integrity of all the application software has been
considered to be critical for appropriate working of organisation [4].
Information: All the information regarding the several working departments of
organisation has been considered critical for proper development of this company. All the
information has been considered to be organised, collected, stored as well as classified in
proper type.
5
EQUIFAX DATA BREACH
Services: The main services of the company are the computing services that are
presently outsourced by organisation, and the communication services mainly includes voice
communications, data communications, value added services as well as wide area network in
the organisation.
Physical assets: The main physical assets of this organisation mainly includes the
computer equipment, technical equipment, communication equipment, furniture and the
storage media.
Vulnerability assessment
Some of the major vulnerabilities in the organisation are:
Vulnerability rising from password reuse: Extensive reuse of passwords in the
company has led to the rise of the vulnerability within all the computing systems [5]. It leads
to exposure of all the passwords of employees to unauthorised user who has the ability of
exploiting the passwords for gaining critical and sensitive information from database of
organisation.
Outdated patches: Any hacker mainly fishes around computing systems within
ongoing quest for outdated patches. This company could face this particular vulnerability is
when all the patches in the computer system of the employer or the employees has not been
updated properly.
SQL injections: Penetration testing for SQLi breaches has been considered to be
significantly imperative. As majority of web developers within current business environment
has confounded by idea of the methods by which the cyber attackers manages exploitation as
well as the tampering of SQL for gaining extensive advantage, this vulnerability has been
considered to be the most critical vulnerability for Equifax.
EQUIFAX DATA BREACH
Services: The main services of the company are the computing services that are
presently outsourced by organisation, and the communication services mainly includes voice
communications, data communications, value added services as well as wide area network in
the organisation.
Physical assets: The main physical assets of this organisation mainly includes the
computer equipment, technical equipment, communication equipment, furniture and the
storage media.
Vulnerability assessment
Some of the major vulnerabilities in the organisation are:
Vulnerability rising from password reuse: Extensive reuse of passwords in the
company has led to the rise of the vulnerability within all the computing systems [5]. It leads
to exposure of all the passwords of employees to unauthorised user who has the ability of
exploiting the passwords for gaining critical and sensitive information from database of
organisation.
Outdated patches: Any hacker mainly fishes around computing systems within
ongoing quest for outdated patches. This company could face this particular vulnerability is
when all the patches in the computer system of the employer or the employees has not been
updated properly.
SQL injections: Penetration testing for SQLi breaches has been considered to be
significantly imperative. As majority of web developers within current business environment
has confounded by idea of the methods by which the cyber attackers manages exploitation as
well as the tampering of SQL for gaining extensive advantage, this vulnerability has been
considered to be the most critical vulnerability for Equifax.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
EQUIFAX DATA BREACH
Threats
Social media attacks: The website of social media are presently being exploited to
execute various cyber attacks. Social media websites are being presently utilised to increase
significant traffic on websites that can lead to the extensive data on major websites accessed
by the employees of the organisation.
Technology embedded with weaker security: The innovative budgets that are
presently being utilised by the organisation might comprise of several kinds of malware
gateways as well as bugs that can provide the cybercriminals with access to exploit the
system of organisation [6].
Malicious insider: The threat of malicious insider is faced by the organisation when
any employee of the organisation attempts to steal any amount of data from organisational
database. The preventive measures for ensuring that the insider breaches are not faced by the
organisation are extensively hard to prevent.
Technological failures: It is required from the organisation to be extensively prepared
for all kinds of failures due to the technology being used. Some of the common technological
threats are the systems crash, the missing documents, as well as the loss of critical files.
Business continuity plan
After the breach on September 2017, the company implemented the modern business
continuity plan for ensuring that the data of the customers are protected with extensive
security measures and security protocols. If the organisation faces any other security breach,
then all the data of the organisation would be immediately transferred to the secondary server
that is maintained at the isolated location away from the main servers of the organisation.
EQUIFAX DATA BREACH
Threats
Social media attacks: The website of social media are presently being exploited to
execute various cyber attacks. Social media websites are being presently utilised to increase
significant traffic on websites that can lead to the extensive data on major websites accessed
by the employees of the organisation.
Technology embedded with weaker security: The innovative budgets that are
presently being utilised by the organisation might comprise of several kinds of malware
gateways as well as bugs that can provide the cybercriminals with access to exploit the
system of organisation [6].
Malicious insider: The threat of malicious insider is faced by the organisation when
any employee of the organisation attempts to steal any amount of data from organisational
database. The preventive measures for ensuring that the insider breaches are not faced by the
organisation are extensively hard to prevent.
Technological failures: It is required from the organisation to be extensively prepared
for all kinds of failures due to the technology being used. Some of the common technological
threats are the systems crash, the missing documents, as well as the loss of critical files.
Business continuity plan
After the breach on September 2017, the company implemented the modern business
continuity plan for ensuring that the data of the customers are protected with extensive
security measures and security protocols. If the organisation faces any other security breach,
then all the data of the organisation would be immediately transferred to the secondary server
that is maintained at the isolated location away from the main servers of the organisation.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
EQUIFAX DATA BREACH
Solution of the breach
The company could follow the NIST framework for ensuring that the breach does not
happen in the company in future. Set forth by the National Institute of Standards and
Technology under United States Commerce Department, this Cybersecurity Framework has
been mainly the set of effective protocols for the private sector companies for following to be
extensively equipped in the identification, detection as well as effectively countering to the
cyber-attacks [7]. It also involves the set of effective protocols on the method of preventing
as well as recovering from any attack. Simply considered, this NIST Cybersecurity
Framework is considered as the set of effective standards, practices, as well as the
recommendations that helps any organisation in improving the cybersecurity measures. The
NIST Cybersecurity Framework pursues the addressing of lack of extensive standards when
the security aspect is considered. There are presently major dissimilarities in the methods by
which the companies are presently utilising the languages, technologies as well as the rules
for fighting the hackers, data pirates, as well as the ransomware [8]. The cyberattacks are
presently becoming extensively widespread as well as complicated and tackling these
particular attacks are growing extensively difficult. This is mainly compounded by
extensively deficiency of the unified tactics among the various organisations. The various set
of the policies, best practices, guidelines as well as the technologies utilised in the
cybersecurity leads to the rise of the extensive issue, where the organisation do not have the
effective ability of sharing the information regarding the attacks. If the enterprises
experiences any attempt of hacking, the employees could be shared the information. The core
of the NIST cybersecurity framework mainly defines all the activities that are required to be
executed for attaining the various cybersecurity results [9]. This framework mainly
determined the five functions that are required to be considered while implementing this
framework, and these are:
EQUIFAX DATA BREACH
Solution of the breach
The company could follow the NIST framework for ensuring that the breach does not
happen in the company in future. Set forth by the National Institute of Standards and
Technology under United States Commerce Department, this Cybersecurity Framework has
been mainly the set of effective protocols for the private sector companies for following to be
extensively equipped in the identification, detection as well as effectively countering to the
cyber-attacks [7]. It also involves the set of effective protocols on the method of preventing
as well as recovering from any attack. Simply considered, this NIST Cybersecurity
Framework is considered as the set of effective standards, practices, as well as the
recommendations that helps any organisation in improving the cybersecurity measures. The
NIST Cybersecurity Framework pursues the addressing of lack of extensive standards when
the security aspect is considered. There are presently major dissimilarities in the methods by
which the companies are presently utilising the languages, technologies as well as the rules
for fighting the hackers, data pirates, as well as the ransomware [8]. The cyberattacks are
presently becoming extensively widespread as well as complicated and tackling these
particular attacks are growing extensively difficult. This is mainly compounded by
extensively deficiency of the unified tactics among the various organisations. The various set
of the policies, best practices, guidelines as well as the technologies utilised in the
cybersecurity leads to the rise of the extensive issue, where the organisation do not have the
effective ability of sharing the information regarding the attacks. If the enterprises
experiences any attempt of hacking, the employees could be shared the information. The core
of the NIST cybersecurity framework mainly defines all the activities that are required to be
executed for attaining the various cybersecurity results [9]. This framework mainly
determined the five functions that are required to be considered while implementing this
framework, and these are:
8
EQUIFAX DATA BREACH
Identify: The initial function is the identification where the focus is placed on the
method of how the evaluation as well recognition of risk is done in the business. It needs the
detailed discovery of the present data practices. From the analysis of this function, it could be
considered that the company should conduct the business environment assessment, asset
management, risk assessment, governance, risk management strategy as well as the supply
chain risk management.
Protect: For protecting the organisation against any cybersecurity breach in the future
the company should implement the access control, identity management, awareness with
training, maintenance, information protection procedures and processes, data security, and the
protective technology [10].
Detect: For ensuring that the incidents of data security are managed at the minimum,
the detection function could be implemented that includes the irregularities and the actions,
security continuous monitoring as well as the detection processes.
Respond: When any data breach occurs in the organisation, there must be a rapid
response team that ensures that the breach is detected and data is secured before any major
loss is done to all the confidential data. The steps that could be taken by the considered
company are the response planning, communications, analysis, mitigation as well as the
improvements.
Recover: Ultimately, the final steps that are required to be considered in the
cybersecurity framework are emphasised on the methods of recovering the data that has been
mainly lost or even compromised. The steps that could be taken by the Equifax company are
the recovery planning, improvements, and extensive communications among the various
departments of the organisation. With the implementation of the considered framework, the
cybersecurity breaches in the organisation could be effectively solved and prevented.
EQUIFAX DATA BREACH
Identify: The initial function is the identification where the focus is placed on the
method of how the evaluation as well recognition of risk is done in the business. It needs the
detailed discovery of the present data practices. From the analysis of this function, it could be
considered that the company should conduct the business environment assessment, asset
management, risk assessment, governance, risk management strategy as well as the supply
chain risk management.
Protect: For protecting the organisation against any cybersecurity breach in the future
the company should implement the access control, identity management, awareness with
training, maintenance, information protection procedures and processes, data security, and the
protective technology [10].
Detect: For ensuring that the incidents of data security are managed at the minimum,
the detection function could be implemented that includes the irregularities and the actions,
security continuous monitoring as well as the detection processes.
Respond: When any data breach occurs in the organisation, there must be a rapid
response team that ensures that the breach is detected and data is secured before any major
loss is done to all the confidential data. The steps that could be taken by the considered
company are the response planning, communications, analysis, mitigation as well as the
improvements.
Recover: Ultimately, the final steps that are required to be considered in the
cybersecurity framework are emphasised on the methods of recovering the data that has been
mainly lost or even compromised. The steps that could be taken by the Equifax company are
the recovery planning, improvements, and extensive communications among the various
departments of the organisation. With the implementation of the considered framework, the
cybersecurity breaches in the organisation could be effectively solved and prevented.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
EQUIFAX DATA BREACH
Conclusion
Therefore, it could be concluded from the above discussion that the breach in Equifax
company has led to the increase of security measures in database of various organisation by
implementing the proper security protocols for ensuring that this kind of breach does not
affect extensively. The company could utilise the National Institute of Standards and
Technology under United States Commerce Department, which is the Cybersecurity
Framework mainly the set of effective guidelines for the private sector companies for
following to be extensively prepared in the identification, detection as well as effectively
responding to the cyber-attacks.
EQUIFAX DATA BREACH
Conclusion
Therefore, it could be concluded from the above discussion that the breach in Equifax
company has led to the increase of security measures in database of various organisation by
implementing the proper security protocols for ensuring that this kind of breach does not
affect extensively. The company could utilise the National Institute of Standards and
Technology under United States Commerce Department, which is the Cybersecurity
Framework mainly the set of effective guidelines for the private sector companies for
following to be extensively prepared in the identification, detection as well as effectively
responding to the cyber-attacks.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
EQUIFAX DATA BREACH
References
[1]Knoxcountyecu.com, 2020. [Online]. Available:
http://www.knoxcountyecu.com/Docs_Pdfs/KCECU/Equifax_Data_Breach-
What_To_Do.pdf. [Accessed: 15- Feb- 2020].
[2]Y. Zou, A. Mhaidli, A. McCall and F. Schaub, ""I've Got Nothing to Lose": Consumers'
Risk Perceptions and Protective Actions after the Equifax Data Breach", Usenix.org, 2020.
[Online]. Available: https://www.usenix.org/conference/soups2018/presentation/zou.
[Accessed: 15- Feb- 2020].
[3]"Equifax and the Latest Round of Identity Theft Roulette - IEEE Journals &
Magazine", Ieeexplore.ieee.org, 2020. [Online]. Available:
https://ieeexplore.ieee.org/abstract/document/8220474/. [Accessed: 15- Feb- 2020].
[4]"Concern But No Action | Extended Abstracts of the 2018 CHI Conference on Human
Factors in Computing Systems", Dl.acm.org, 2020. [Online]. Available:
https://dl.acm.org/doi/abs/10.1145/3170427.3188510. [Accessed: 15- Feb- 2020].
[5]"“The internet is not pleased”: twitter and the 2017 Equifax data breach", Taylor &
Francis, 2020. [Online]. Available:
https://www.tandfonline.com/doi/abs/10.1080/10714421.2019.1651595. [Accessed: 15- Feb-
2020].
[6]Files.transtutors.com, 2020. [Online]. Available:
https://files.transtutors.com/cdn/uploadassignments/3654117_2_equifax1.pdf. [Accessed: 15-
Feb- 2020].
[7]E. Griffor et al., "Elaborating the Human Aspect of the NIST Framework for Cyber-
Physical Systems", NIST, 2020. [Online]. Available:
EQUIFAX DATA BREACH
References
[1]Knoxcountyecu.com, 2020. [Online]. Available:
http://www.knoxcountyecu.com/Docs_Pdfs/KCECU/Equifax_Data_Breach-
What_To_Do.pdf. [Accessed: 15- Feb- 2020].
[2]Y. Zou, A. Mhaidli, A. McCall and F. Schaub, ""I've Got Nothing to Lose": Consumers'
Risk Perceptions and Protective Actions after the Equifax Data Breach", Usenix.org, 2020.
[Online]. Available: https://www.usenix.org/conference/soups2018/presentation/zou.
[Accessed: 15- Feb- 2020].
[3]"Equifax and the Latest Round of Identity Theft Roulette - IEEE Journals &
Magazine", Ieeexplore.ieee.org, 2020. [Online]. Available:
https://ieeexplore.ieee.org/abstract/document/8220474/. [Accessed: 15- Feb- 2020].
[4]"Concern But No Action | Extended Abstracts of the 2018 CHI Conference on Human
Factors in Computing Systems", Dl.acm.org, 2020. [Online]. Available:
https://dl.acm.org/doi/abs/10.1145/3170427.3188510. [Accessed: 15- Feb- 2020].
[5]"“The internet is not pleased”: twitter and the 2017 Equifax data breach", Taylor &
Francis, 2020. [Online]. Available:
https://www.tandfonline.com/doi/abs/10.1080/10714421.2019.1651595. [Accessed: 15- Feb-
2020].
[6]Files.transtutors.com, 2020. [Online]. Available:
https://files.transtutors.com/cdn/uploadassignments/3654117_2_equifax1.pdf. [Accessed: 15-
Feb- 2020].
[7]E. Griffor et al., "Elaborating the Human Aspect of the NIST Framework for Cyber-
Physical Systems", NIST, 2020. [Online]. Available:
11
EQUIFAX DATA BREACH
https://www.nist.gov/publications/elaborating-human-aspect-nist-framework-cyber-physical-
systems. [Accessed: 15- Feb- 2020].
[8]W. Chang, R. Reinsch and N. Group, "NIST Big Data Interoperability Framework:
Volume 7, Big Data Standards Roadmap [Version 2]", NIST, 2020. [Online]. Available:
https://www.nist.gov/publications/nist-big-data-interoperability-framework-volume-7-big-
data-standards-roadmap-version-2. [Accessed: 15- Feb- 2020].
[9]W. Chang, R. Reinsch and N. Group, "NIST Big Data Interoperability Framework:
Volume 9, Adoption and Modernization", NIST, 2020. [Online]. Available:
https://www.nist.gov/publications/nist-big-data-interoperability-framework-volume-9-
adoption-and-modernization. [Accessed: 15- Feb- 2020].
[10]"Benefiting from the NIST Cybersecurity Framework - ProQuest", Search.proquest.com,
2020. [Online]. Available:
http://search.proquest.com/openview/e54ef43df41838caa8c37926ed106690/1?pq-
origsite=gscholar&cbl=47365. [Accessed: 15- Feb- 2020].
EQUIFAX DATA BREACH
https://www.nist.gov/publications/elaborating-human-aspect-nist-framework-cyber-physical-
systems. [Accessed: 15- Feb- 2020].
[8]W. Chang, R. Reinsch and N. Group, "NIST Big Data Interoperability Framework:
Volume 7, Big Data Standards Roadmap [Version 2]", NIST, 2020. [Online]. Available:
https://www.nist.gov/publications/nist-big-data-interoperability-framework-volume-7-big-
data-standards-roadmap-version-2. [Accessed: 15- Feb- 2020].
[9]W. Chang, R. Reinsch and N. Group, "NIST Big Data Interoperability Framework:
Volume 9, Adoption and Modernization", NIST, 2020. [Online]. Available:
https://www.nist.gov/publications/nist-big-data-interoperability-framework-volume-9-
adoption-and-modernization. [Accessed: 15- Feb- 2020].
[10]"Benefiting from the NIST Cybersecurity Framework - ProQuest", Search.proquest.com,
2020. [Online]. Available:
http://search.proquest.com/openview/e54ef43df41838caa8c37926ed106690/1?pq-
origsite=gscholar&cbl=47365. [Accessed: 15- Feb- 2020].
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.