InfoSec incident review and critical analysis
Selected Incident: Yahoo
Date: 2013-14
Impact: 3 billion user accounts
Details: In September 2016, the once dominant Internet giant, while in negotiations to sell itself to Verizon, announced it had been the victim of the biggest data breach in history, likely by “a state-sponsored actor,” in 2014. The attack compromised the real names, email addresses, dates of birth and telephone numbers of 500 million users. The company said the “vast majority” of the passwords involved had been hashed using the robust bcrypt algorithm.
A couple of months later, in December, it buried that earlier record with the disclosure that a breach in 2013 by a different group of hackers had compromised 1 billion accounts. Besides names, dates of birth, email addresses and passwords that were not as well protected as those involved in 2014, security questions and answers were also compromised. In October of 2017, Yahoo revised that estimate, saying that, in fact, all 3 billion user accounts had been compromised.
The breaches knocked an estimated $350 million off Yahoo’s sale price. Verizon eventually paid $4.48 billion for Yahoo’s core Internet business. The agreement called for the two companies to share regulatory and legal liabilities from the breaches. The sale did not include a reported investment in Alibaba Group Holding of $41.3 billion and an ownership interest in Yahoo Japan of $9.3 billion.
Yahoo, founded in 1994, had once been valued at $100 billion. After the sale, the company changed its name to Altaba, Inc.
This assessment is designed to assess your level of understanding of the following topics:
· Identify the impact of information security on modern business and society
· Justify the need for managing security of digital information and information systems
In this assignment, you will
· Identify an information security incident to share with your peers. Use reputable sources from public and specific domains to support your task. You must not use incidents that have already been identified by your peers.
To help your peers understand more about the incident, you will also provide information about the victim, the time and location, the possible or identified cause of the incident, and any reported loss and damage. You will then provide some insight about the cause of the incident, such as the type of the security attack, the method of the attack, and the possible damage the attack may bring.
· Perform a critical analysis to justify the need for managing security of digital information and information systems.
You will justify the need for managing security of digital information and information systems by discussing the consequences that security incidents may bring to their victims, to you and to society. Where possible, use the information shared by your peers as a source to support your argument.
· Finally, you will briefly discuss what you would do to reduce the impact of the incident and/or prevent a similar incident from happening, based on your current experience and knowledge. Support your discussion with facts and literature.
Share the security incident that you have identified with your peers using the discussion board. At the same time, put all information about the incident you have identified, together with your discussion and analysis, in a separate MS Word document with your name and student ID, and submit it for marking by the due date.
Use Harvard referencing for this assignment. Here is a good online citation tool you may want to use: http://www.harvardgenerator.com/