1. Chris Gravatt Mallory De Kovessey Tina Vargas Tim Hogenhouser The ChoicePoint Attack

2. Synopsis ChoicePoint is a company that offers information on fraud prevention data to federal agencies, missing children reports and businesses on new employees. Fraudulent people were able to obtain personal information on people and subjected these people to identity theft, Notifying the Los Angeles Police Department of these suspicious activity cost ChoicePoint significant loss in market share, as well as clients, and was subjected to a class action law suit where they were forced to pay millions of dollars. ChoicePoint could have avoided all these consequences had they shut down their data source and “buried” the fact that there was even a theft of information.

3. Question 1 The question asks if choice point had chosen wisely when it publicly announced the information theft and subjected themselves to public ridicule and millions of dollars of lost cost and revenue. We think from an ethical standpoint that the company acted wisely in publicly announcing the theft. Had they tried to bury the fact that a theft indeed had happened, the repercussions could have been much more severe. The company tried to do the right thing by letting law enforcement officials know that there was a theft, and tried to help in the investigation to capture the criminals.

4. Question 2 The question asks if we think other company’s would take the same steps of action, had their data been infiltrated in the same manner. Also if there should be stricter laws in force to help deter these crimes from taking place? Given the recent history of companies keeping a lot of information form the public, we think that the majority of the companies would try to cover up the fact that a theft had taken place. They would do all that they could to protect their companies from losing valuable reputation, market share, and revenue.

5. Question 3 Products that ChoicePoint provides on their website and through their company, and what is the central theme of the company. Background Checks Insurance Repots Certified Birth/Death certificates Certified Marriage/ Divorce Certificates The central theme seems to be making sure that information that people provide on various documents are accurate and truthful.

6. Question 4 Reflect on an appropriate security program for ChoicePoint. Identification and authentication is the security program they should use. The way that the criminals got into the data is by pretending that they were a client of ChoicePoint and fooled the representative into thinking they were someone they are not. Having a more secure identity authentication in place will make it much harder for people to lie about who they are. They could either use a voice recognition system or a more elaborate password system and smart cards to help deter unauthorized access.

7. Question 4 Con’t ChoicePoint needs a security process to better help them to protect valuable consumer data. This will enable them to mineralize there liability. The people that ChoicePoint should govern under the security system is their customers, employees, IT people, and any outsourcing companies that they hire and interact with.

8. Question 5 Supposing ChoicePoint issues a security policy, these are some of the issues they should be concerned with. Multiple checks for identifying customers Background checks on all employees new and existing Background checks on new and existing customers. Safer firewalls and database security Making sure that their own information on people is accurate and correct.