Credit reporting agency Equifax on Wednesday released its security and privacy controls framework to provide a public blueprint to help organizations to build or enhance their own cybersecurity programs.
The framework, released as open-source, provides tools that can be used by businesses large and small to design, build and maintain secure processes, Equifax said.
Equifax Chief Information Security Officer (CISO) Jamil Farshchi said the framework was created as part of the company’s $1.5 billion investment into a security transformation that followed a massive data breach in 2017 that exposed personal data from approximately 147 million people.
In a 2022 post-breach settlement with the FTC, Equifax was ordered to spend $1 billion on data security improvements.
“Over the course of several years, we’ve made unprecedented investments in our cybersecurity, and now, we’re open sourcing our security and privacy controls framework to help other organizations who need it,” said Russ Ayres, Senior Vice President, Security Architecture and Engineering at Equifax.
“The framework we’ve created is comprehensive enough to protect an entire organization and has the specificity to ensure that it can be implemented swiftly and effectively.”
The company said the five core capabilities within the framework — cybersecurity, privacy, fraud prevention, crisis management and physical security — matches the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and Privacy Framework (NIST PF) and support a comprehensive, defense-in-depth approach to security and privacy.
Farshchi said the newly released framework has served as the basis for nearly every improvement made by Equifax in security and privacy. “It was the mechanism we used to establish our strategic priorities, assess risk across our enterprise, navigate regulatory requirements, and drive progress,” he added.
Related: 143 Million Affected in Hack of U.S. Credit Agency Equifax
Related: Equifax Ordered to Spend $1 Billion on Data Security
Related: Equifax CEO Steps Down After Massive Data Breach
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
- Researchers Spot APTs Targeting Small Business MSPs
- Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own
- Red Hat Pushes New Tools to Secure Software Supply Chain
- Investors Make $6M Bet on Manifest for SBOM Management Technology
- Entro Raises $6M to Tackle Secrets Sprawl
- IBM Snaps up DSPM Startup Polar Security
- Huntress Closes $60M Series C for MDR Expansion
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
