490 WK5 DQ1 100-150 WORDS
In 2018, CEO Mark Zuckerburg responded to a data breach by writing in a Facebook post, "We have a responsibility to protect your data, and if we can't, then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again." (Schwalbe, 2018). Discuss how this problem could have been avoided. Explain why this problem is a product of poor quality.
REPLIES 75-100 WORDS
A Chad Pope
Hello Professor Gentry,
Based on my research and analysis of the circumstances surrounding the 2018 Facebook data breach, Facebook could and should have used project quality management processes and principles regarding third party applications offered on their platform. Did Facebook develop a quality management plan? If so, did they execute it? Did they implement quality control techniques? It would appear not. The Cambridge Analytica application compromised the information of Facebook users’ friends without their consent. Sound quality management could have at least reduced the risk associated with third party applications. I am not sure it would have completely mitigated the risk, but it could certainly have lowered it.
B Francheska Janosik
To me it would seem that the company should have required the privacy protection that they implanted in 2014 from the very beginning. There should always be strict requirements around the access and use of personal information. There should have been no point in time that a company should have been able to access private personal information.
C Jordan Ehresman
The Facebook data breach of 2018 was caused by vulnerabilities in a new implemented feature that allowed for the attackers to gain control of millions of user accounts through stolen access tokens. According the research by Wong (2019) the breach attack was conducted from September 16 and finally discovered and patched on by September 25th. This attack was able to access all the data that presented on the users account as well login capabilities for third party applications that utilize Facebook login as a method of access. Software vulnerabilities are inevitable but mitigating and account for them should be prioritized by all organization to ensure that both the company and the users data integrity is upheld. Vulnerability assessment processes and vulnerability scanners should be utilized to identify and correct for all all discovered vulnerabilities (Hamilton, 2022). Vulnerability assessments allow for the organization to identify and resolve all found vulnerabilities in an efficient manner that ranks them accordingly and minimizes the chances that they can be exploited upon before correction. Vulnerability scanners are categorized into host based, network based and database based tools and are utilized to identify vulnerabilities over the differing source associated with each type. These tools should be used to monitor and detect vulnerabilities in a timely manner.