Research one instance of a security breach that occurred for each of the best practices of access control (separation of duties, job rotation, least privilege, and implicit deny). Write a short summary of the breach. Rank the four best practices from most effective to the least. Why did you rank them this way?
Separation of duties-In 2016 The Alberta Motor Association ( AMA) after its President of Information Technology defrauded the company of 8.2 million dollars over a 3 year period. Being the only employee with access to approve payment for good he created false invoices.
Job Rotation-The Equifax data leak was caused by an IT employee who failed to update critical updates to the company software. The security team failed to install a security update that was recommended to stop intruders.Least Privilege- The Target hack is an example of this. A Third-party HVAC company had administrative access to Target store's internal network. They were given these privileges so that they could monitor the HVAC system performance. The attackers installed Malware onto the HVAC company's devices and they were able to harvest credentials to the target network that gave them internal access.
Implicit Deny-In 2018 Veem was compromised when one of their IP addresses resolved to an unprotected database. It was all because there was no password protecting the database.
The ranking I choose from most effective to least is based on the level of importance each has and the effectiveness of each.
Sample Solution