CIS552 Week 7 Case Study: Heartland Breach
I do not believe that simply adhering to regulations such as PCI is enough to protect a company from breaches such as the Heartland Breach. When the Payment Card Industry Data Security Standard (PCI DSS) was introduced, its main purpose was to optimize and protect cardholders’ personal information in relation to cash, credit and debit card transactions. This was to be established by putting into place a set of policies and procedures that would help protect cardholders’ personal payment information and keep it safe.
It is abundantly clear that the PCI DSS standards alone are not sufficient to keep personal payment information safe. The reasons why can be summed up in a single sentence from Matt Pauker, the co-founder of the US-based firm Voltage Security: "Achieving PCI compliance does not imply that a business has achieved real security." PCI does not even require that cardholders’ data be encrypted on an internal network, which in itself is an issue (Ashford, 2009).
I do believe that companies should formulate and base their security controls on anti-cybercrime techniques. There are so many different types of cybercrime that are threats today, but with the right security controls in place, nearly all of the breaches that could result can be prevented with the use of proper anti-cybercrime techniques. Simply installing antivirus software can also help protect against attacks. Most antivirus software available today includes some additional features that could help but are often overlooked (Judge, 2013).
There are many security controls that can help prevent breaches such as the Heartland breach from taking place. I have chosen three security controls that I feel would help based on the research I have found regarding the Heartland breach. The first technique would be to map the network with a tool such as...