In the first milestone, you identified a recent security incident that took place. There were multiple incidents that were chosen such as Target, OPM, Equifax, Home Depot, and so many more. In the second milestone, you will access the administrative, physical, and technical controls of the particular company then determine which one of these administrative, physical, and technical controls were not secure and led to the security incident. This week you will work on Milestone 3.  In milestone 3 you are building upon your first two milestones and describe the mitigation strategy, results, etc. on the organization.  For example, if you chose Equifax in milestone 1 you introduced your topic, in milestone 2 you described the controls that surrounded the organization, and now in Milestone, you will evaluate the results of the security incident. All of these milestones tie into each other as you evaluate the circumstances of the incident and the results. The minimum is 2 written pages and this does not include the title or reference page.  You must properly APA format your response.

Milestone 3 focuses on building upon the previous milestones to develop a comprehensive evaluation and analysis of the mitigation strategy and results of the chosen security incident. To effectively accomplish this, it is essential to review the previous milestones and ensure a cohesive flow between them. The chosen organization for this evaluation is Equifax, which was also discussed in Milestone 1 and Milestone 2.

Equifax is a consumer credit reporting agency that experienced a significant security incident in 2017, leading to the exposure of personal and financial data of approximately 147 million individuals. This incident highlighted the vulnerabilities in Equifax’s security controls and the need for an effective mitigation strategy to prevent similar incidents in the future.

To evaluate the mitigation strategy, it is crucial to assess the effectiveness of the measures implemented by Equifax after the incident. One of the key aspects to consider is the improvement of administrative controls. Administrative controls refer to policies, procedures, and guidelines that are put in place to manage and govern an organization’s security posture. In the case of Equifax, it is necessary to analyze the changes made to their administrative controls, such as the implementation of stronger authentication mechanisms, regular security awareness training for employees, and the establishment of incident response protocols.

Another important aspect to evaluate is the enhancement of physical controls. Physical controls involve the implementation of measures to protect an organization’s physical assets, including data centers and server rooms. Equifax should have evaluated and strengthened their physical controls after the incident, such as improving access controls to their facilities, enhancing video surveillance systems, and implementing stricter visitor management procedures. The effectiveness of these physical controls in preventing unauthorized access and safeguarding the organization’s sensitive data should be examined.

In addition to administrative and physical controls, it is essential to assess the improvement of technical controls. Technical controls focus on the use of technology to protect an organization’s information assets. Equifax should have implemented stronger technical controls, including encryption of sensitive data, regular vulnerability assessments and penetration testing, and comprehensive network monitoring and intrusion detection systems. The effectiveness of these technical controls in preventing unauthorized access, detecting and responding to potential security threats, and ensuring data integrity should be evaluated.

As part of the evaluation, it is also important to analyze the results of the security incident mitigation strategy. This includes assessing the impact on Equifax’s reputation, financial losses, legal implications, and customer trust. Equifax should have taken appropriate measures to mitigate these effects and regain the trust of its stakeholders. The success of these efforts in restoring the organization’s reputation and minimizing the long-term consequences should be examined.

In conclusion, Milestone 3 focuses on evaluating the mitigation strategy and results of the chosen security incident. By analyzing the improvements made to administrative, physical, and technical controls, as well as assessing the impact of the incident on Equifax, a comprehensive evaluation can be conducted. This evaluation will provide insights into the effectiveness of Equifax’s mitigation strategy and identify areas for further improvement.

Need your ASSIGNMENT done? Use our paper writing service to score better and meet your deadline.


Click Here to Make an Order Click Here to Hire a Writer