Case Study: Equifax Data Breach (2017)

Overview: The Equifax breach exposed the personal information of approximately 147 million people
due to vulnerabilities in their web application framework.

Causes of the Breach:

1. Unpatched Vulnerabilities: The breach was primarily caused by Equifax's failure to patch a known
vulnerability in the Apache Struts web framework (CVE-2017-5638).

2. Poor Incident Response: Equifax had an inadequate incident response plan, delaying their discovery
and remediation efforts.

3. Lack of Security Awareness: There was insufficient training and awareness among employees
regarding the importance of security practices.

Neglected Security Best Practices:

1. Timely Patch Management: Regularly updating software and applying patches to known
vulnerabilities.

2. Comprehensive Incident Response Plan: Having a well-defined and tested incident response strategy.

3. Employee Training: Providing ongoing security training and awareness programs for employees.

Mitigation Strategies:

1. Implement a Robust Patch Management Program: Establish a policy for regular monitoring of
software updates and applying patches promptly to address vulnerabilities, aligning with NIST and ISO
27001 standards.

2. Develop and Test an Incident Response Plan: Create a detailed incident response plan that includes
regular drills and assessments, ensuring preparedness for potential breaches, as recommended by NIST
SP 800-61.

3. Enhance Security Training and Awareness: Conduct regular security awareness training for all
employees, focusing on identifying potential threats and understanding the importance of security
practices, in line with CISSP and other industry standards.

By adopting these strategies, organizations can significantly reduce their risk of similar breaches and
enhance their overall security posture.
Secure Network Architecture Design

Overview: The proposed network architecture consists of multiple layers of security controls, designed
to protect against evolving security threats while ensuring flexibility and scalability.

Key Components:

1. Perimeter Firewall:

- Function: Acts as the first line of defense by filtering incoming and outgoing traffic based on security
rules.

- Mitigation: Protects against unauthorized access and denial-of-service (DoS) attacks by blocking
suspicious traffic.

2. Intrusion Prevention System (IPS):

- Function: Monitors network traffic for signs of malicious activity and can actively block threats.

- Mitigation: Detects and responds to intrusions in real-time, reducing the risk of data breaches.

3. Virtual Private Network (VPN):

- Function: Provides secure remote access to the corporate network by encrypting data transmitted
over the internet.

- Mitigation: Protects sensitive data from interception and unauthorized access, particularly for remote
workers.

4. Access Control Lists (ACLs):

- Function: Defines which users or devices have permission to access specific network resources.

- Mitigation: Reduces the attack surface by limiting access to sensitive data and systems to authorized
users only.

5. Data Encryption:

- Function: Encrypts data at rest and in transit to protect against unauthorized access.

- Mitigation: Ensures that even if data is intercepted or accessed without authorization, it remains
unreadable.
6. Endpoint Protection:

- Function: Deploys antivirus and anti-malware solutions on all endpoint devices.

- Mitigation: Prevents malware infections and secures devices against exploitation, especially from
phishing attacks.

Rationale for Design Decisions:

- Layered Security (Defense in Depth): Each security control acts as a barrier, ensuring that if one layer is
compromised, others remain intact.

- Adaptability: The architecture can evolve with emerging threats; for example, adding new security
technologies like SIEM or enhanced user authentication measures.

- User-Centric Security: Implementing VPNs and strong access controls ensures that remote employees
can securely access corporate resources without exposing the network to unnecessary risk.

This secure network architecture addresses a wide range of potential security threats while promoting a
proactive stance toward evolving cybersecurity challenges.