Question 1. What weaknesses in ChoicePoint Information Security Management practices likely contributed to their data breach? Please explain how they contributed and what Choice Point could do to strengthen these areas.
Question 2. Discuss the pros and cons of two information security management models that would be appropriate for ChoicePoint to implement? Explain the strengths and weaknesses of each model within the context of Choice Point's business model.
Question 3. Design an information security metrics program that would provide ChoicePoint executives with visibility into the effectiveness of the security program in preventing future data breaches. What information security metrics would you recommend and why?
Question 4. What are the key risk areas that ChoicePoint (and the data broker industry) as a whole need to address to protect its information and to minimize the negative perception (and the resultant likelihood of restrictive laws being passed) of the industry as a whole?
Question 5. To what extent did each of the following three areas (technology, people, process) play in the ChoicePoint data breach? Explain.