NAME:
TODAY’S DATE:
Please use APA style formatting.
Question 1
Download Government Accountability Office’s report from this URL: https://www.gao.gov/assets/700/694158.pdf
If the link is no longer available, then do a web search by using the term “GAO Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach”.
Please read the pages 10-17 of the document. (Start reading from this section: “Attackers Exploited Vulnerabilities That Equifax Subsequently Reported Taking Actions to Address” until this section: “Equifax Reported Taking Steps to Identify Affected Individual”)
1) Categorize the actions of the hackers by using the cyber kill chain method by filling out the table below. Note that if you cannot find any specific action for a step within the GAO document, you can use external resources or use your judgment on which methods the hackers might have used.
Cyber Kill Chain Step
Actions of Hackers
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives
Question 2
For the Equifax 2017 case, please provide two components of the attack surface by providing justifications. Please describe the attack vector that leads to the compromise of millions of SSNs.
Question 3
As a senior security engineer, what defense-in-depth actions would be the most suitable for minimizing the Equifax’s exposure to this attack? Explain each action and provide the rationale to support using each specific action.
———–
NAME:
DATE FOR TODAY:
Please format your paper in APA style.
Question No. 1
Download the report from the Government Accountability Office at this link: https://www.gao.gov/assets/700/694158.pdf
If the link no longer works, conduct a web search for “GAO Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach.”
Please read the document’s pages 10-17. (Read from “Attackers Exploited Vulnerabilities That Equifax Subsequently Reported Taking Actions to Address” to “Equifax Reported Taking Steps to Identify Affected Individual”)
1) Fill out the table below to categorize the hackers’ actions using the cyber death chain method. It is important to note that if you cannot locate a precise action for a step in the GAO paper, you can consult external resources.