logo

IT Security Management: The Home Depot Data Breach

Analyzing the Home Depot data breach and its impact on payment card security, with a focus on the use of EMV Chip-and-PIN payment cards.

14 Pages4702 Words91 Views
   

Added on  2022-12-23

About This Document

This report analyzes the case study of Home Depot data breach, including the possibilities of the breach, its impact, and provides relevant solutions. It also discusses the information security framework for this particular case study.

IT Security Management: The Home Depot Data Breach

Analyzing the Home Depot data breach and its impact on payment card security, with a focus on the use of EMV Chip-and-PIN payment cards.

   Added on 2022-12-23

ShareRelated Documents
Running head: IT SECURITY MANAGEMENT
IT Security Management: The Home Depot Data Breach
Name of the Student
Name of the University
Author’s Note:
IT Security Management: The Home Depot Data Breach_1
1
IT SECURITY MANAGEMENT
Table of Contents
Part 1: Case Study Analysis.......................................................................................................2
1. Introduction........................................................................................................................3
2. Possibilities of the Security Breach....................................................................................3
3. Impact of the Breach..........................................................................................................4
4. Solutions or Patches...........................................................................................................5
5. Policies...............................................................................................................................6
6. Information Security Framework.......................................................................................6
7. Conclusion..........................................................................................................................7
Part 2: Computer based Fraud....................................................................................................8
1. Introduction........................................................................................................................8
2. Computer Fraud: Types and Impact on Organization........................................................8
3. Evidence of Involvement of IT Employees.......................................................................9
4. Few Possible Mechanisms for avoiding Fraud..................................................................9
5. Conclusion........................................................................................................................10
References................................................................................................................................11
IT Security Management: The Home Depot Data Breach_2
2
IT SECURITY MANAGEMENT
Part 1: Case Study Analysis
Abstract
The objective of this report is to analyse the case study of Home Depot data breach. Data
breaches can be both accidental and intentional. A cybercriminal is responsible for hacking
the specific organizational database, in which personal information is being shared. An
employee in any particular organization accidentally exposes the information on the Internet
and hence criminals get opportunity for accessing every vital personal detail from them. Most
of the data breaches eventually involve vulnerable as well as overexposed unstructured data
such as sensitive information and documents. Most of the rules and regulations have passed
data breach notification laws and have required an organization to check whether data
breaches are threatening for the customers or not. Home Depot has faced major issues related
to the hacking of their POS systems. This report has identified the possibilities of the breach,
impact of the breach and provided relevant solutions to these data breaches.
IT Security Management: The Home Depot Data Breach_3
3
IT SECURITY MANAGEMENT
1. Introduction
A data breach can be referred to as an incident, which exposes protected and sensitive
information. It even involves subsequent theft or loss of the social security number, personal
health data, emails, passwords and bank account details (Jaferian et al., 2014). A data breach
occurs through insider and privilege misuses or physical loss or theft. Denial of services is the
second significant and distinct type of data breach. The following report outlines a brief
discussion of the case study of Home Depot Data Breach. Details related to possibilities of
the security breach, impact of the breach, solutions, relevant policies and suitable information
security framework for this particular case study will be provided in the report.
2. Possibilities of the Security Breach
On 8th September, 2014, the POS systems of Home Depot were being compromised
by several exploitation methods and the utilization of stolen third party vendor credentials
and RAM scraping malware were highly instrumental for making the data breach successful.
The confidential information of the payment cards were sold online by the cyber attackers
(Boyle & Panko, 2014). The very first step in this process is to sell the payment card to
brokers, which is further sold to carders on certain phishing websites. There were almost 56
million payment cards stolen from the Home Depot data breach. The major possibilities of
this particular security breach include involving memory scraping malware. This malware has
the core capability of reading the contents of RAM on any POS terminal, as soon as the
payment card data was present in clearer texts.
The major weakness of the organization of Home Depot that allowed this threat to
occur was that the respective POS systems were not properly locked down and as a result, the
memory scraping malware had the capability of stealing such information (Hänsch &
Benenson, 2014). The attacker had infiltrated the networks of POS and then implemented the
process to steal the data of payment cards. The attackers, hence had the ability of obtaining
access of the vendor environments with login credentials. As soon as they got into the
network of Home Depot, they started to install the memory scraping malware for more than
7500 self checkout terminals of POS and then grabbed 56 million debit and credit cards.
Home Depot did not consider and took necessary steps for protecting their point of sale
systems and hence the attackers got the opportunities to implement such vulnerabilities and
steal payment card information (Angst et al., 2017). Network segregation is yet another
important weakness of this organization.
IT Security Management: The Home Depot Data Breach_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
The Home Depot Data Breach
|8
|1749
|476

Teach with Digital Technologies
|8
|1687
|32

Case Study: The Home Depot Data Breach
|7
|1152
|186

Critical Analysis on Home Depot Data Breach
|8
|1651
|61

Issue in POS Systems - Assignment
|3
|724
|290

JP Morgan Data Breach
|5
|722
|96