Q. 1: Nature of the information security breach at ChoicePoint and how this adversely affected the organization
Management information system
ChoicePoint is a leading corporation that deals with the risk-management and fraud prevention data. The information security breach was that of the unauthorized people who pretended to be legitimate customers and hacked the system. They got access to personal data and that of more than 145000 other people. They use vague identities and managed to pass the customer authentication and verification without being noticed.
Q. 2: Actions taken by both ChoicePoint and the "authorities" to address the crisis
ChoicePoint became aware of the problem in November 2004. Some accounts in Los Angeles were processing not as expected. It decided contact Los Angeles Police Department and were advised not to expose the problem until investigations were conducted. The authority (Los Angeles Police Department) informed the CheckPoint that it will contact and inform all the customers whose data had been defrauded or compromised. CheckPoint provided a hotline to its customers who data had been compromised to call for assistance. This was to be used for a short time as investigations were on. The US senate too promised to carry out investigation on the matter so that the 145000 could not loose more than $75,000 each.
Q.3: Reactive steps by ChoicePoint might have mitigated their losses subsequent to their discovery of the information security breach
CheckPoint informed the authorities (Los Angeles Police Department) so that investigation could start for the fraudsters to be traced and arrested. The company established a hotline that their customers could use for assistance as new measures were being taken to correct the mess. This was necessary because more damage could have occurred if immediate action was not taken.
Q. 4: Proactive steps taken by ChoicePoint that might deter a reoccurrence of such an information security breach
CheckPoint should get experts from the police department or people who have knowledge and expertise on how to prevent fraudsters from accessing the data illegitimately. The system should only be operated by a few people who have authority to monitor the operations. The system must not be easy for fraudsters to access it and will be ensured by allowing one or two people to keep and use the pin number. This will be easy when investigation such cases incase it happens in future because the two people will be held responsible. This will help the company avoid the same incidences happening in future.
