Tomiwa's Portfolio

A portfolio showcasing projects


Information Security Management Portfolio

Overview

This case study examined the 2019-2020 Alibaba Taobao data breach, in which an attacker used a malicious web crawler to scrape the IDs and phone numbers from over 1.1 billion user records over a period of 8–9 months. The attack revealed a number of significant vulnerabilities, including weak anti-scraping controls and insider attacks, leading to reputational damage and business threats. To close these gaps, I created a strong Information Security Management System (ISMS) with multi-layered controls: technical (rate limiting, honeypot pages, HTML randomization), procedural (employee training, data encryption policies), and physical (biometric access, CCTV). The system was developed to defend against future attacks and comply with data protection laws such as China’s PIPL (Personal Information Protection Law).

The project displays my ability to conduct risk assessments, design tailored security solutions, and take stakeholder trust seriously through proactive means. Through the integration of intrusion detection tools and periodic audits, the ISMS is designed not only to mitigate scraping risks but also to bolster Alibaba’s general security posture. The case showcases the importance of good cybersecurity practices in global e-commerce platforms handling confidential information.
