Cybersecurity Research Paper instructions
Select a research topic from the list below. After selecting your
topic, research the incident using news articles, magazine
articles (trade press), journal articles, and/or technical reports
from government and industry.
TJ Maxx Security breach
For a grade of A, a minimum of five authoritative sources are
required.
Your research is to be incorporated into the students' 3- to 5-page written analysis of the attack or incident. Your report is to be prepared using basic APA formatting (see below) and submitted as an MS Word attachment to the Cybersecurity Research Paper entry in your assignments folder.
This paper must be plagiarism free. I will have to turn it in
using turnitin.com!
Below is one source that should be used for this paper. I will
also send the full text pdf for the source.
Source 1
Berg, G. G., Freeman, M. S., & Schneider, K. N. (2008).
Analyzing the TJ Maxx Data Security Fiasco. CPA Journal,
78(8), 34-37.
ACCOUNTING & AUDITING
auditing
Analyzing the TJ Maxx Data Security Fiasco
Lessons for Auditors
By Gary G. Berg, Michelle S. Freeman, and Kent N. Schneider
In January 2007, TJX Companies, Inc. (TJX), the parent company of retail chains such as T.J. Maxx and Marshalls, issued a press release announcing that its computer systems had been breached and that customer information had been stolen. As the investigation into the crime continued during 2007, estimates of the number of customers affected skyrocketed. Other reports indicated that at least 94 million Visa and MasterCard accounts had been compromised, with losses projected to approach $4.5 billion. As expected, Visa and MasterCard are seeking to recoup these losses from TJX. The sheer scale of the security breach should cause auditors to wonder about the implications for their professional practice.
What Went Wrong at TJX?
Investigations into the TJX case appear to indicate that the company was not in compliance with the Payment Card Industry (PCI) data security standards established in 2004 by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. Reports identified three major areas of vulnerability: inadequate wireless network security, improper storage of customer data, and failure to encrypt customer account data.
Inadequate wireless network security. The store where the initial breach occurred was using a wireless network that was inadequately secured. Specifically, the network was using a security protocol known as wired equivalent privacy (WEP). One problem with WEP security is that it is easy to crack. In fact, researchers at Darmstadt Technical University in Germany have demonstrated that a WEP key can be broken in less than a minute. More important, WEP does not satisfy industry standards that require the use of the much stronger WPA (Wi-Fi Protected Access) protocol. After breaking into the store's network, the hackers then breached security at the corporate headquarters and obtained the customer account information stored there. According to a May 4, 2007, Wall Street Journal article, the intruders had access to the TJX records for 18 months without being detected.
Improper storage of customer data. The TJX data storage practices also appear to have violated industry standards. Reports indicate that the company was storing the full-track contents scanned from each customer's card. Moreover, customer records appear to have included the card-validation code (CVC) number and the personal identification numbers (PIN) associated with the customer cards. PCI Data Security Standard 3.2 clearly states that after payment authorization is received, a merchant is not to store sensitive data, such as the CVC, PIN, or full-track information. Exhibit 1 shows a comparison of key data items believed to have been stored by TJX, along with the relevant PCI standards.
Most likely, TJX did not retain this information with malicious intent. The company may have been using older point-of-sale (POS) software that had been designed to capture all card data and that could not be reconfigured to comply with PCI standards. This problem has been linked to credit-card security breaches at other retailers. Another possibility is that the POS software was adequate, but improperly configured.
Failure to encrypt customer data. Even if the hackers had been able to infiltrate the TJX corporate network and access the improperly stored customer records, it is likely that no harm would have resulted, had the customer data been securely encrypted. Given the large number of fraudulent transactions traced back to the TJX breach, it is obvious that either the data had not been encrypted, or the hackers stole the encryption key. In either case, industry standards were not maintained by TJX. PCI Data Security Standard 3.4 requires that at minimum, the customer's "primary account number" (i.e., the customer's card number) be "rendered unreadable." Furthermore, PCI Data Security Standards 3.5 and 3.6 require merchants to protect the encryption keys used for protecting customer data from disclosure and misuse.
34 AUGUST 2008 / THE CPA JOURNAL
How the TJX Breach Affects Audit Practices
At first, the TJX fiasco appears to offer an object lesson for retailers' IT departments, rather than auditors. After all, customers' credit card numbers are not the retailer's asset to protect; rather, the sales transaction itself is what accounting internal controls have traditionally sought to secure. With the advent of Statement on Auditing Standard (SAS) 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, internal control clearly extends beyond protecting one's own assets. SAS 109 requires auditors to "audit the business, and not just the books" when evaluating the risks of a client's financial statements containing a material misstatement. Specifically, SAS 109 requires an understanding of: 1) the entity and its environment; 2) the entity's internal control environment; and 3) susceptibility of the entity's financial statements to material misstatement resulting from liabilities.
Understanding the entity and its environment. Retailers cannot continue to operate by looking after only their own assets, as seen in the TJX debacle. Customer credit and debit card information is a valued target of data thieves. Technology has made purchasing information more valuable than actual currency, because it can be used to run up huge bills for the original cardholders. These victims are left with the lengthy, painful task of restoring their good credit ratings. To protect against data theft, consumers can refrain from using debit and credit cards (an inconvenient option), or refrain from shopping at stores that suffer data breaches. In other words, it is ultimately in the best interest of retailers to follow industry standards and protect customer credit and debit card records.
Understanding the entity's internal control environment. In the digital economy, retailers must implement both physical and electronic controls. For example, stores should have physical control over the credit card scanners at checkout locations by bolting them to the counter. Otherwise, a thief could replace a retailer's scanner with an identical-looking scanner that also stores scanned customer information on a hidden
chip. Later, the thief could return to the store and switch scanners again, walking away with the customer data accumulated in the interim.
Understanding the risk of material misstatement resulting from contingent liabilities. Although customer purchasing information is not an asset of the retailer, possession of that information imposes great responsibility on the retailer, and failure to protect that information can result in huge liabilities.
EXHIBIT 1
Suspected TJX Data Retention Practice Compared with PCI Standards

Data Item                         Data Retained by TJX   PCI Retention Standards
Cardholder Data
  Primary Account Number (PAN)    Yes                    Yes
  Cardholder Name*                Yes                    Yes
  Service Code*                   Yes                    Yes
  Expiration Date*                Yes                    Yes
Sensitive Authentication Data†
  Full Magnetic Stripe            Yes                    No
  CVC2/CVV2/CID                   Yes                    No
  PIN/PIN Block                   Yes                    No

* Must be protected if stored in conjunction with PAN.
† Sensitive authentication data must not be stored after authorization (even if encrypted).
EXHIBIT 2
Auditor's Checklist
Exposure to Contingent Liabilities from Theft of Customer Data

Question                                                                          Higher Exposure   Lower Exposure
Is there wireless access to the company's network?                                Yes               No
Is the company's wireless network secured using WPA encryption and a
  strong password?                                                                No                Yes
Does it conform to PCI standards?                                                 No                Yes
Are the company's data storage practices and security over stored
  customer data reasonable?                                                       No                Yes
Does the company have reasonable data-retention policies and practices?           No                Yes
Does the company retain customer data for a reasonable length of time?            No                Yes
Are policies in place to notify customers of possible security breaches?          No                Yes
Does the company conduct background checks on employees?                          No                Yes
Does the company train employees on the importance of maintaining
  confidentiality of customer data?                                               No                Yes
One source of potential liability is the contracts that the retailer makes with card issuers in order for the store to accept credit and debit cards as payment for transactions. Typically, these contracts require that merchants comply with PCI Data Security Standards. Failure to comply with the standards exposes a merchant to two types of liability. First, the contract with the card issuer provides for substantial penalties if the merchant does not comply with PCI standards. Second, and more significantly, merchants are subject to "push-back" liability for damages suffered by the card issuer as a result of the merchant's data breach. These losses sustained by card issuers include not only the fraudulent charges made on the accounts of the victims of identity theft, but also the administrative costs associated with the issuance of new cards to customers whose personal information may have been compromised. For TJX, the bulk of its liability will likely result from such push-back losses sustained by issuers.
Another source of risk to retailers is the growing number of state laws regarding notification of security breaches. According to the National Conference of State Legislatures "State Security Breach Notification Laws" webpage (www.ncsl.org/programs/lis/cip/priv/breachlaws.htm), as of May 1, 2008, at least 42 states, the District of Columbia, and Puerto Rico have legislation requiring notification of security breaches involving personal information.
The New York statute (New York State General Business Law section 899-aa, subsections 2 and 3) is fairly typical. It applies to any New York businesses that own, license, or maintain computerized data containing "private information," such as an individual's Social Security number, driver's license number, or account number, along with the required access code or password needed to permit access to an individual's financial account. These businesses must notify any New York resident whose private information was acquired, or believed to have been acquired, by someone without valid authorization. If the business fails to promptly notify the affected parties, the statute authorizes damages for actual costs or losses, including "consequential financial losses" [New York State General Business Law section 899-aa, subsection 6(a)].
What Auditors Can Learn from the TJX Fiasco
When evaluating the risks associated with a retailer's business, valuable lessons can be learned from the mistakes of TJX. Although TJX is a huge organization, these risks are equally applicable to mom-and-pop operations. Exhibit 2 summarizes these lessons.
First, check to see if there is wireless access to the company network. Even if company policy prohibits wireless routers, a renegade router installed by an employee may be connected. If wireless access does exist, evaluate the type of encryption used by the router. Make sure that a method prescribed by PCI standards, such as WPA or WPA2, is in use. Under no circumstances should WEP encryption be used. In addition, evaluate the strength of the log-on password and make sure that the router doesn't broadcast its network name or service set identifier (SSID). Where practical, the authors recommend configuring the router to restrict access to specific computers, using the unique media access control (MAC) address assigned to each authorized computer.
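The wireless checks in the paragraph above can be turned into a repeatable audit step: compare what a walk-through site survey actually observes against the approved access-point inventory (which is how a renegade router shows up), then score every observed access point against the settings the authors call for. The following is an added example written for this page, not code from the article or from TJX; the access points, BSSIDs, passphrases and the 12-character minimum passphrase length are constructed assumptions (the article only says "strong password").

```python
"""Wireless exposure check for an auditor's walkthrough (constructed example)."""
from dataclasses import dataclass

# Assumption for this example: the article asks for a "strong password" but
# gives no length, so 12 characters is used as the audit threshold here.
MIN_PASSPHRASE_LEN = 12


@dataclass
class AccessPoint:
    bssid: str               # hardware address seen in the site survey
    ssid: str
    security: str            # "open", "WEP", "WPA" or "WPA2"
    passphrase: str = ""
    ssid_broadcast: bool = True
    mac_allowlist: bool = False


def check_access_point(ap, approved):
    """Return the list of findings for one access point (empty means no exposure noted)."""
    findings = []
    if not approved:
        findings.append("unapproved (renegade) router connected to the network")
    sec = ap.security.upper()
    if sec == "OPEN":
        findings.append("no encryption at all")
    elif sec == "WEP":
        findings.append("WEP in use; PCI requires WPA or WPA2")
    elif sec not in ("WPA", "WPA2"):
        findings.append(f"unrecognised security mode {ap.security!r}")
    if sec in ("WPA", "WPA2") and len(ap.passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(f"passphrase shorter than {MIN_PASSPHRASE_LEN} characters")
    if ap.ssid_broadcast:
        findings.append("SSID broadcast enabled")
    if not ap.mac_allowlist:
        findings.append("no MAC address restriction")
    return findings


def audit_wireless(inventory, survey):
    """inventory: approved BSSIDs -> description; survey: AccessPoints observed on site.
    Returns {bssid: [findings]} for every access point seen in the survey."""
    return {ap.bssid: check_access_point(ap, ap.bssid in inventory) for ap in survey}


def exposures(report):
    """BSSIDs that carry at least one finding, sorted for stable reporting."""
    return sorted(bssid for bssid, findings in report.items() if findings)


# Constructed sample data: one approved, well-configured access point and two
# devices the survey found that are not in the inventory at all.
APPROVED = {"00:11:22:33:44:01": "store POS network, approved 2008"}
SURVEY = [
    AccessPoint("00:11:22:33:44:01", "store-pos", "WPA2", "correct-horse-battery-staple",
                ssid_broadcast=False, mac_allowlist=True),
    AccessPoint("00:11:22:33:44:02", "backoffice", "WEP", "abcde"),
    AccessPoint("aa:bb:cc:dd:ee:ff", "linksys", "open"),
]

if __name__ == "__main__":
    for bssid, findings in audit_wireless(APPROVED, SURVEY).items():
        print(bssid, "OK" if not findings else "; ".join(findings))
```

Feeding the survey rather than the router configuration is the point of the design: an access point that is configured correctly on paper but is not the one actually radiating in the store is exactly the case the article warns about.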
Second, evaluate the company's data storage practices and security for stored customer data. Ascertain that the company complies with PCI security standards and is not retaining excess data scanned from customer credit and debit cards. Under no circumstances should a merchant retain a customer's debit card PIN. Also, make sure that customer data stored by the retailer are encrypted using a strong key.
Finally, review the company's data-retention policies and practices. Make sure the merchant does not retain customer data any longer than permitted by the card issuers. Even better, do not retain data any longer than necessary to document the underlying transaction. Ensure that policies are in place to notify customers of possible security breaches and that a process is in place to implement the policies if a breach occurs.
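The storage and retention lessons above (and the "Improper storage of customer data" section with Exhibit 1) describe what an auditor should look for in a sample of stored transaction records: no sensitive authentication data after authorization, a PAN that has been rendered unreadable, and nothing kept beyond the permitted retention period. The following is an added example written for this page, not code from the article or from TJX; the record layout, field names, the 90-day retention limit and the sample records are constructed assumptions, and the card number used is a well-known test number, not a real account.

```python
"""Stored-cardholder-data audit (constructed example)."""
import re
from datetime import date

# Sensitive authentication data that Exhibit 1 says must never be retained
# after authorization. Field names are an assumption of this example.
FORBIDDEN_FIELDS = ("full_track", "cvc2", "pin", "pin_block")

# Assumption: the article only says "no longer than the card issuers permit";
# 90 days stands in for that limit here.
MAX_RETENTION_DAYS = 90

# ISO 7813 track-2 shape: ';' PAN '=' YYMM service-code ... '?'.
# Used only to detect track data that has leaked into free-text fields.
TRACK2_RE = re.compile(r";(\d{13,19})=\d{7}")


def luhn_ok(digits):
    """True when a digit string passes the Luhn check that card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def looks_like_clear_pan(value):
    """A stored PAN is still readable if it is a full, Luhn-valid 13-19 digit number.
    Masked ("411111******1111"), tokenised or hashed values fail this test."""
    digits = re.sub(r"[ -]", "", value)
    return digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)


def audit_record(rec, today):
    """Return the findings for one stored transaction record."""
    findings = []
    for name in FORBIDDEN_FIELDS:
        if rec.get(name):
            findings.append(f"sensitive authentication data retained: {name}")
    # Track data sometimes survives in free-text fields; scan every string value.
    for key, value in rec.items():
        if isinstance(value, str) and key not in FORBIDDEN_FIELDS and TRACK2_RE.search(value):
            findings.append(f"track-2 data found in field {key}")
    if looks_like_clear_pan(rec.get("pan", "")):
        findings.append("PAN stored in clear (not rendered unreadable)")
    age = (today - date.fromisoformat(rec["authorized"])).days
    if age > MAX_RETENTION_DAYS:
        findings.append(f"record retained {age} days, limit {MAX_RETENTION_DAYS}")
    return findings


def audit_store(records, today):
    """Map each transaction id to its findings."""
    return {rec["txn"]: audit_record(rec, today) for rec in records}


# Constructed sample records. 4111111111111111 is a widely used test PAN.
RECORDS = [
    {"txn": "T1", "authorized": "2008-05-01", "pan": "411111******1111",
     "name": "A. Customer", "expiry": "2512"},
    {"txn": "T2", "authorized": "2008-05-01", "pan": "4111111111111111",
     "full_track": ";4111111111111111=25121011234567890?", "cvc2": "123", "pin": "1234"},
    {"txn": "T3", "authorized": "2008-01-15", "pan": "tok_9f2c7d",
     "notes": "reprint ;4111111111111111=25121011234567890?"},
]
TODAY = date(2008, 5, 4)

if __name__ == "__main__":
    for txn, findings in audit_store(RECORDS, TODAY).items():
        print(txn, "OK" if not findings else "; ".join(findings))
```

Record T2 reproduces the pattern the article attributes to TJX (full track, CVC and PIN retained beside a readable PAN); T3 shows why a field-name check alone is not enough, since the track data sits in a free-text "notes" field and the record is also past the retention limit.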
Ultimately, the security of a company's information system relies upon the competency and honesty of its employees. Therefore, it is important to conduct background checks on employees and to train them about the possibility of security breaches and how to avoid them.
Gary G. Berg, PhD, CPA, is an associate professor of accountancy at East Tennessee State University, Johnson City, Tenn. Michelle S. Freeman, EdD, CPA (inactive), is an assistant professor of business administration at Tusculum College, Greeneville, Tenn. Kent N. Schneider, JD, CPA, is a professor of accountancy, also at East Tennessee State University, Johnson City, Tenn.
Evaluation is the set of processes and methods that managers and sta.docxEvaluation is the set of processes and methods that managers and sta.docx
Evaluation is the set of processes and methods that managers and sta.docx
 
Evaluation Plan with Policy RecommendationAfter a program ha.docx
Evaluation Plan with Policy RecommendationAfter a program ha.docxEvaluation Plan with Policy RecommendationAfter a program ha.docx
Evaluation Plan with Policy RecommendationAfter a program ha.docx
 
Evaluating 19-Channel Z-score Neurofeedback Addressi.docx
Evaluating 19-Channel Z-score Neurofeedback  Addressi.docxEvaluating 19-Channel Z-score Neurofeedback  Addressi.docx
Evaluating 19-Channel Z-score Neurofeedback Addressi.docx
 
Evaluate the history of the Data Encryption Standard (DES) and then .docx
Evaluate the history of the Data Encryption Standard (DES) and then .docxEvaluate the history of the Data Encryption Standard (DES) and then .docx
Evaluate the history of the Data Encryption Standard (DES) and then .docx
 
Evaluate the Health History and Medical Information for Mrs. J.,.docx
Evaluate the Health History and Medical Information for Mrs. J.,.docxEvaluate the Health History and Medical Information for Mrs. J.,.docx
Evaluate the Health History and Medical Information for Mrs. J.,.docx
 
Evaluate the environmental factors that contribute to corporate mana.docx
Evaluate the environmental factors that contribute to corporate mana.docxEvaluate the environmental factors that contribute to corporate mana.docx
Evaluate the environmental factors that contribute to corporate mana.docx
 

Recently uploaded

BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
Katrina Pritchard
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
zuzanka
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
S. Raj Kumar
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
National Information Standards Organization (NISO)
 
Stack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 MicroprocessorStack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 Microprocessor
JomonJoseph58
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
deepaannamalai16
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
RidwanHassanYusuf
 
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.pptLevel 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Henry Hollis
 
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
Nicholas Montgomery
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
سمير بسيوني
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
danielkiash986
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
Nguyen Thanh Tu Collection
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
ssuser13ffe4
 

Recently uploaded (20)

BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
 
Stack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 MicroprocessorStack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 Microprocessor
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
 
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.pptLevel 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
 
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
 

Cybersecurity Research Paper instructionsSelect a research topic.docx

By Gary G. Berg, Michelle S. Freeman, and Kent N. Schneider

In January 2007, TJX Companies, Inc. (TJX), the parent company of retail chains such as T.J. Maxx and Marshalls, issued a press release announcing that its computer systems had been breached and that customer information had been stolen. As the investigation into the crime continued during 2007, estimates of the number of customers affected skyrocketed. Other reports indicated that at least 94 million Visa and MasterCard accounts had been compromised, with losses projected to approach $4.5 billion. As expected, Visa and MasterCard are seeking to recoup these losses from TJX. The sheer scale of the security breach should cause auditors to wonder about the implications for their professional practice.

What Went Wrong at TJX?

Investigations into the TJX case appear to indicate that the company was not in compliance with the Payment Card Industry (PCI) data security standards established in 2004 by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. Reports identified three major areas of vulnerability: inadequate wireless network security, improper storage of customer data, and failure to encrypt customer account data.
Inadequate wireless network security. The store where the initial breach occurred was using a wireless network that was inadequately secured. Specifically, the network was using a security protocol known as wired equivalent privacy (WEP). One problem with WEP security is that it is easy to crack. In fact, researchers at Darmstadt Technical University in Germany have demonstrated that a WEP key can be broken in less than a minute. More important, WEP does not satisfy industry standards that require the use of the much stronger WPA (Wi-Fi Protected Access) protocol. After breaking into the store's network, the hackers then breached security at the corporate headquarters and obtained the customer account information stored there. According to a May 4, 2007, Wall Street Journal article, the intruders had access to the TJX records for 18 months without being detected.

Improper storage of customer data. The TJX data storage practices also appear to have violated industry standards. Reports indicate that the company was storing the full-track contents scanned from each customer's card. Moreover, customer records appear to have included the card-validation code (CVC) number and the personal identification numbers (PIN) associated with the customer cards. PCI Data Security Standard 3.2 clearly states that after payment authorization is received, a merchant is not to store sensitive data, such as the CVC, PIN, or full-track information. Exhibit 1 shows a comparison of key data items believed to have been stored by TJX, along with the relevant PCI standards. Most likely, TJX did not retain this information with malicious intent. The company may have been using older point-of-sale (POS) software that had been designed to capture all card data and that could not be reconfigured to comply with PCI standards. This problem has been linked to credit-card security breaches at other retailers. Another possibility is that the POS software was adequate, but improperly configured.

Failure to encrypt customer data. Even if the hackers had been able to infiltrate the TJX corporate network and access the improperly stored customer records, it is likely that no harm would have resulted, had the customer data been securely encrypted. Given the large number of fraudulent transactions traced back to the TJX breach, it is obvious that either the data had not been encrypted, or the hackers stole the encryption key. In either case, industry standards were not maintained by TJX. PCI Data Security Standard 3.4 requires that at minimum, the customer's "primary account number" (i.e., the customer's card number) be "rendered unreadable." Furthermore, PCI Data Security Standards 3.5 and 3.6 require merchants to protect the encryption keys used for protecting customer data from disclosure and misuse.

34 AUGUST 2008 / THE CPA JOURNAL

How the TJX Breach Affects Audit Practices

At first, the TJX fiasco appears to offer an object lesson for retailers' IT departments, rather than auditors. After all, customers' credit card numbers are not the retailer's asset to protect; rather, the sales transaction itself is what accounting internal controls have traditionally sought to secure. With the advent of Statement on Auditing Standard (SAS) 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, internal control clearly extends beyond protecting one's own assets. SAS 109 requires auditors to "audit the business, and not just the books" when evaluating the risks of a client's financial statements containing a material misstatement. Specifically, SAS 109 requires an understanding of: 1) the entity and its environment; 2) the entity's internal control environment; and 3) susceptibility of the entity's financial statements to material misstatement resulting from liabilities.

Understanding the entity and its environment. Retailers cannot continue to operate by looking after only their own assets, as seen in the TJX debacle. Customer credit and debit card information is a valued target of data thieves. Technology has made purchasing information more valuable than actual currency, because it can be used to run up huge bills for the original cardholders. These victims are left with the lengthy, painful task of restoring their good credit ratings. To protect against data theft, consumers can refrain from using debit and credit cards (an inconvenient option), or refrain from shopping at stores that suffer data breaches. In other words, it is ultimately in the best interest of retailers to follow industry standards and protect customer credit and debit card records.

Understanding the entity's internal control environment. In the digital economy, retailers must implement both physical and electronic controls. For example, stores should have physical control over the credit card scanners at checkout locations by bolting them to the counter. Otherwise, a thief could replace a retailer's scanner with an identical-looking scanner that also stores scanned customer information on a hidden
chip. Later, the thief could return to the store and switch scanners again, walking away with the customer data accumulated in the interim.

Understanding the risk of material misstatement resulting from contingent liabilities. Although customer purchasing information is not an asset of the retailer, possession of that information imposes great responsibility on the retailer, and failure to protect that information can result in huge liabilities.
EXHIBIT 1
Suspected TJX Data Retention Practice Compared with PCI Standards

Data Item                              Data Retained by TJX    PCI Retention Standards
Cardholder Data
  Primary Account Number (PAN)         Yes                     Yes
  Cardholder Name*                     Yes                     Yes
  Service Code*                        Yes                     Yes
  Expiration Date*                     Yes                     Yes
Sensitive Authentication Data†
  Full Magnetic Stripe                 Yes                     No
  CVC2/CVV2/CID                        Yes                     No
  PIN/PIN Block                        Yes                     No

* Must be protected if stored in conjunction with PAN.
† Sensitive authentication data must not be stored after authorization (even if encrypted).

EXHIBIT 2
Auditor's Checklist: Exposure to Contingent Liabilities from Theft of Customer Data

Is there wireless access to the company's network?
Is the company's wireless network secured using WPA encryption and a strong password? Does it conform to PCI standards?
Are the company's data storage practices and security over stored customer data reasonable?
Does the company have reasonable data-retention policies and practices?
Does the company retain customer data for a reasonable length of time?
Are policies in place to notify customers of possible security breaches?
Does the company conduct background checks on employees?
Does the company train employees on the importance of maintaining confidentiality of customer data?
One source of potential liability is the contracts that the retailer makes with card issuers in order for the store to accept credit and debit cards as payment for transactions. Typically, these contracts require that merchants comply with PCI Data Security Standards. Failure to comply with the standards exposes a merchant to two types of liability. First, the contract with the card issuer provides for substantial penalties if the merchant does not comply with PCI standards. Second, and more significantly, merchants are subject to "push-back" liability for damages suffered by the card issuer as a result of the merchant's data breach. These losses sustained by card issuers include not only the fraudulent charges made on the accounts of the victims of identity theft, but also the administrative costs associated with the issuance of new cards to customers whose personal information may have been compromised. For TJX, the bulk of its liability will likely result from such push-back losses sustained by issuers.

Another source of risk to retailers is the growing number of state laws regarding notification of security breaches. According to the National Conference of State Legislatures "State Security Breach Notification Laws" webpage (www.ncsl.org/programs/lis/cip/priv/breachlaws.htm), as of May 1, 2008, at least 42 states, the District of Columbia, and Puerto Rico have legislation requiring notification of security breaches involving personal information.

The New York statute (New York State General Business Law section 899-aa, subsections 2 and 3) is fairly typical. It applies to any New York businesses that own, license, or maintain computerized data containing "private information," such as an individual's Social Security number, driver's license number, or account number, along with the required access code or password needed to permit access to an individual's financial account. These businesses must notify any New York resident whose private information was acquired, or believed to have been acquired, by someone without valid authorization. If the business fails to promptly notify the affected parties, the statute authorizes damages for actual costs or losses, including "consequential financial losses" [New York State General Business Law section 899-aa, subsection 6(a)].

What Auditors Can Learn from the TJX Fiasco

When evaluating the risks associated with a retailer's business, valuable lessons can be learned from the mistakes of TJX. Although TJX is a huge organization, these risks are equally applicable to mom-and-pop operations. Exhibit 2 summarizes these lessons.

First, check to see if there is wireless access to the company network. Even if company policy prohibits wireless routers, a renegade router installed by an employee may be connected. If wireless access does exist, evaluate the type of encryption used by the router. Make sure that a method prescribed by PCI standards, such as WPA or WPA2, is in use. Under no circumstances should WEP encryption be used. In addition, evaluate the strength of the log-on password and make sure that the router doesn't broadcast its network name or service set identifier (SSID). Where practical, the authors recommend configuring the router to restrict access to specific computers, using the unique media access control (MAC) address assigned to each authorized computer.

Second, evaluate the company's data storage practices and security for stored customer data. Ascertain that the company complies with PCI security standards and is not retaining excess data scanned from customer credit and debit cards. Under no circumstances should a merchant retain a customer's debit card PIN. Also, make sure that customer data stored by the retailer are encrypted using a strong key.

Finally, review the company's data-retention policies and practices. Make sure the merchant does not retain customer data any longer than permitted by the card issuers. Even better, do not retain data any longer than necessary to document the underlying transaction. Ensure that policies are in place to notify customers of possible security breaches and that a process is in place to implement the policies if a breach occurs.

Ultimately, the security of a company's information system relies upon the competency and honesty of its employees. Therefore, it is important to conduct background checks on employees and to train them about the possibility of security breaches and how to avoid them.

Gary G. Berg, PhD, CPA, is an associate professor of accountancy at East Tennessee State University, Johnson City, Tenn. Michelle S. Freeman, EdD, CPA (inactive), is an assistant professor of business administration at Tusculum College, Greeneville, Tenn. Kent N. Schneider, JD, CPA, is a professor of accountancy, also at East Tennessee State University, Johnson City, Tenn.
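As an added example, not code from the article, the CPA Journal, or TJX: the script below turns Exhibit 1 and the wireless and data-storage audit steps above into checks an auditor could run over an export of stored POS records and the store router's configuration. The record layout, field names, configuration keys, the 12-character passphrase threshold and all sample values are assumptions constructed for the example.

```python
"""Added example, not code from the article or from TJX: an auditor's script
for the controls in Exhibit 1 and the "What Auditors Can Learn" steps. The
record layout, field names, config keys and all sample values are constructed."""
import re
from datetime import date

# Exhibit 1, "Sensitive Authentication Data" rows: PCI DSS 3.2 (as cited by
# the article) forbids storing these after authorization, even encrypted.
SENSITIVE_AUTH_FIELDS = ("full_track", "cvc2", "pin_block")
# Shape of magnetic-stripe data: track 1 starts "%B<PAN>^", track 2 ";<PAN>=".
# Older POS software that "captured all card data" can leave it in any field.
TRACK_DATA_RE = re.compile(r"^(%B\d{13,19}\^|;\d{13,19}=)")
# Wireless modes the article says must never be used (PCI requires WPA/WPA2).
WEAK_WIFI_MODES = {"open", "wep"}
MIN_PASSPHRASE_LEN = 12  # assumed threshold for "a strong password"


def pan_is_unreadable(pan: str) -> bool:
    """PCI DSS 3.4: a stored PAN that still holds 13-19 consecutive digits
    (after removing spacing) is readable; 411111******1111 or a token passes."""
    compact = re.sub(r"[\s-]", "", pan)
    return re.search(r"\d{13,19}", compact) is None


def audit_record(rec: dict, today: date, max_days: int) -> list[str]:
    """Return the PCI retention findings for one stored transaction record."""
    findings = []
    for field in SENSITIVE_AUTH_FIELDS:
        if rec.get(field):
            findings.append(f"sensitive authentication data retained: {field}")
    # Track data hiding in a field not meant for it (misconfigured POS export).
    for name, value in rec.items():
        if (name not in SENSITIVE_AUTH_FIELDS and isinstance(value, str)
                and TRACK_DATA_RE.match(value)):
            findings.append(f"magnetic-stripe data found in field: {name}")
    if not pan_is_unreadable(rec.get("pan", "")):
        findings.append("PAN stored in readable form")
    age_days = (today - date.fromisoformat(rec["authorized_on"])).days
    if age_days > max_days:
        findings.append(f"retained {age_days} days; policy allows {max_days}")
    return findings


def audit_wireless(cfg: dict) -> list[str]:
    """Exhibit 2 and the article's first audit step: no WEP, a strong
    passphrase, SSID not broadcast, access restricted by MAC address."""
    findings = []
    mode = str(cfg.get("security", "open")).lower()
    if mode in WEAK_WIFI_MODES:
        findings.append(f"wireless security is {mode.upper()}; WPA/WPA2 required")
    if len(cfg.get("passphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append("wireless passphrase is too short")
    if cfg.get("ssid_broadcast", True):
        findings.append("router broadcasts its SSID")
    if not cfg.get("mac_allowlist"):
        findings.append("no MAC address restriction configured")
    return findings


def audit_store(records: list[dict], wifi: dict, today: date,
                max_days: int = 90) -> dict[str, list[str]]:
    """Findings keyed by record id, plus a "wireless" entry for the router."""
    report = {rec["id"]: audit_record(rec, today, max_days) for rec in records}
    report["wireless"] = audit_wireless(wifi)
    return report


# Constructed sample data; 4111 1111 1111 1111 is a well-known test PAN.
AUDIT_DATE = date(2008, 8, 1)
RECORDS = [
    {"id": "txn-001", "authorized_on": "2006-12-15",  # TJX-style: all kept
     "pan": "4111 1111 1111 1111", "cardholder": "DOE/JANE",
     "full_track": "%B4111111111111111^DOE/JANE^2512101000000000?",
     "cvc2": "123", "pin_block": "A1B2C3D4E5F60718"},
    {"id": "txn-002", "authorized_on": "2008-07-20",  # compliant record
     "pan": "411111******1111", "cardholder": "DOE/JANE",
     "full_track": "", "cvc2": "", "pin_block": ""},
    {"id": "txn-003", "authorized_on": "2008-07-25",  # track 2 in free text
     "pan": "411111******1111",
     "notes": ";4111111111111111=25121010000000000?"},
]
WIFI_BEFORE = {"security": "WEP", "passphrase": "store1",
               "ssid_broadcast": True, "mac_allowlist": []}
WIFI_AFTER = {"security": "WPA2", "passphrase": "long-constructed-passphrase-42",
              "ssid_broadcast": False, "mac_allowlist": ["00:11:22:33:44:55"]}

if __name__ == "__main__":
    for key, items in audit_store(RECORDS, WIFI_BEFORE, AUDIT_DATE).items():
        print(key, "OK" if not items else "")
        for item in items:
            print("   -", item)
```

The third record shows why the scan looks at every field and not only the expected ones: a POS export that copies track 2 into a notes column is exactly the kind of "adequate but improperly configured" software the article describes.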