Case Study: Heartland Breach
Read the article titled, “Update: Heartland breach shows why compliance is not enough” located at the following Computerworld link:
Write a two to three (2-3) page paper in which you:
- Explain whether you believe adherence of regulations such as PCI are enough to protect a company from these types of breaches and why or why not.
- Give your opinion on whether companies should formulate security controls based on anti-cybercrime techniques, such as end-to-end encryption, or those based purely complying with industry regulations. Provide a rationale with your response.
- Suggest at least three (3) additional security controls and techniques based on the Heartland and similar breaches such as TJX. Provide an explanation for your suggestions.
- Determine the types of monitoring that could be implemented to help quickly identify penetrations and hurdle the “point-in-time” security protections that regulations, such as PCI, provides.
- Use at least two (2) quality resources in this assignment other than the one linked above. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Identify common information-gathering tools and techniques.
- Explain the process of network traffic analysis and sniffing and their appropriate tools.
- Compare and contrast defensive technologies.
- Use technology and information resources to research issues in cybercrime techniques and response.
- Write clearly and concisely about topics related to cybercrime techniques and response using proper writing mechanics and technical style conventions.