Outline of Report
1.Introduction – what is the purpose of the report?
2. Background – what is the context for the analysis about to be presented. Be detailed but concise. You should not restate the whole case or history of company here, but you should pull the relevant facts from the case that are important to understanding the issues you will be presenting.
3. Problem Statement – be clear and concise in what specifically you feel the key problem or issue that needs to be addressed. Remember our discussion last week about noise and finding the root – this is where it comes into play.
4. Analysis – This is where you address the case questions as a means of exploring the issue/problem. Try to demonstrate your knowledge and understanding of assigned readings in your analysis. While you are always welcome to do additional research, ensure it is not at the expense of demonstrating knowledge of case or assigned readings. You should also feel comfortable incorporating business concepts learned from other courses. Ensure you cite all of your sources, even the case itself.
5. Recommendations/Action Plan – Based on your analysis, you should now have a sense of how to solve/address the stated problem. Explain what you would now due given what you know and understand at this point – include both a short-term and long-term strategy.
6. Conclusion – Recap key points here – do not introduce new data at this point.
Questions for report
Prepare a 5-page report (12-point font, double spaced not including the title page or reference page), that addresses the following questions:
-Identify the key factors that created the weak security situation in a company.
-Discuss vulnerabilities that were exploited in Equifax incident. Provide assessment of appropriate organizational and security controls that were put in place by the company before the breach.
-Consider the measures the company has taken to recover from the incident.
-Evaluate post-attack security measures. Discuss and prioritise the risks.
-Could have this incident been prevented
-Evaluate the company’s response to this incident and the measures proposed by US government. Which of these measures can be adopted by other companies?