1. Identify and describe three (3) areas that indicate poor incident response processes at Equifax. Use the NIST Incident Response Framework to assist you here (in your three areas you identify, ensure you also note which phase(s) of the NIST Incident Response Life Cycle is most relevant to the specific issue/area)

2. What one step did Equifax do that you believe caused the most damage in this case?

3. What specifically could Equifax have accomplished to improve this situation and response?

Summary: Equifax is responsible for determining credit scores based on people's debt loads, credit repayment histories, credit availability and so on-and is one of three main companies that US financial institutions rely on to determine qualifications for mortgages and other loan approvals. Other businesses rely on Equifax too: For instance, if a landlord is deciding whether to rent to someone, he or she would very likely ask for a credit report from Equifax. Consumers work directly with Equifax directly too, ironically to detect identity theft after a breach, through the company's credit monitoring and insurance services. As a result, this is a company that has touched (and has sensitive financial information on) almost every adult in one of the world's most populous countries. In all, 45% of the US population is directly affected by this incident (the total US population, including everyone from infants to centenarians, stands at 325 million). AUTHOR: LILY HAY HEWMANNTIS Www.VIRED.COM/AUTHOR/LILY-MAY-REWMAN WIRED ON. http://www.wired.com/story/equifas-breach-ge All the Ways Equifax Epically Bungled Its Breach Response The corporate headquarters of Equifax Inc. in Atlanta, GA MIKE STEWART/AP The breach of the credit monitoring firm Equifax, which exposed extensive personal data for 143 million people, is the worst corporate data breach to date. But, incredibly, the mistakes and the superlatives don't end there. Three weeks since the company first publicly disclosed the situation, a steady stream of gaffes and revelations paint a picture of Equifax's deeply lacking response to catastrophe. Equifax's bungles kicked off quite literally on day one, when the company directed potential victims to a separate domain-equifaxsecurity 2017.com-instead of simply building pages to handle the breach off of its main, trusted website, equifax.com. Observers quickly found bugs, some of them serious, in that