



Typology: Lecture notes




Running header: Physical Access Security

Physical Access Security
CIS560: Security Access/Control Strategy

Article 1: Absa bank embroiled in data leak

The first article I selected highlights the security breach that occurred at Absa bank. Absa is a South Africa-based financial services group that provides both business and personal banking along with wealth management services. They currently hold assets in excess of $91 billion. As such, this makes them a desirable target for theft and fraud. Absa notified its clients and customers of an “isolated internal data leak” via email on Monday, November 30th, 2020. They did not release when this leak was discovered, nor have they been able to pinpoint when the data leak started. Absa determined that personally identifiable information (PII) was included in the breach. This includes ID numbers unique to accounts, home addresses, account numbers, and other sensitive information that was externally leaked. It is not known how many banking customers were impacted by the attack, but Absa plans to collect a random pool of customer accounts to verify recent transfers. If anything seems suspicious or out of the ordinary, Absa will contact those clients to verify those transactions. There is currently no knowledge of the financial impact that was taken, but additional security measures are being taken. The financial services group has blamed the incident on a rogue employee. Criminal charges have been brought against the individual responsible. It is also noted that data was found on devices, and those devices have since been destroyed. This incident comes at a time after the company was named the Non-profit team of the year in the 2020 Cyber Security Awards.

This incident could have been prevented, or at least minimized, with some intervention between the rogue employee and management. Typically, management should be alerted to an employee who is running into issues on the job. It usually starts with dissatisfaction in the workplace, unsolicited harassment from others, or extreme opinions on job responsibilities. People who raise these red flags consistently may end up being the ones who commit violations within the workplace. This could have been caught and addressed with the employee.
Even if this employee was terminated, their access should have been removed immediately. This stems
This has resulted in millions of dollars in payouts and restitution, including $180 million for all payouts. Upon entering this compliance agreement, they are required to make payments to the states in which they filed. These payments are still being tallied but have already passed $ million. This is a huge financial hit for Home Depot. Now that state and federal lawsuits are involved, upper management understands that they cannot simply pay their way out of this. They have heightened security obligations that they must meet. They are required to appoint a Chief Information Security Officer who will be responsible for implementing and maintaining their security program. They’ll have a direct line of management to report to along with a designated team for support. I’m surprised that Home Depot, as large as they are, did not already have this in place. This move seems very irresponsible and reactive of them. This enterprise should have implemented something like this well in advance to prevent such an incident from happening. Additional requirements for the Home Depot include new encryption policies, PCI-DSS compliance, and improved audit policies. Their laundry list of safeguards displays their lack of information security as a whole. Both employees and customers have been at high risk of a data breach this entire time. This is gross neglect of company safeguarding, and I hope that the Home Depot finds this a sobering wake-up call.
https://www.natlawreview.com/article/data-breaches-can-cost-plus-ongoing-obligations-ask-home-depot-lessons-and-takeaways

Article 3: Kmart suffers ransomware attack

Kmart is already seeing struggles as a business, exacerbated by the COVID-19 pandemic. Kmart announced that they suffered a ransomware attack last week. The incident involved encrypted devices and servers that were connected to the company’s networks. From there, the devices were able to eliminate back-end servers and gain access to the network. The note that was left indicated that the Windows domain was compromised. No definite details were released about what kind of information was taken or compromised. In an attempt to save Kmart financially, the company was purchased by Transformco in
Lastly, security testing is never mentioned in these data breaches. All of these new initiatives and practices can be put into play, but extensive testing needs to be done to assess the risk both internally and externally. In the event of a major data breach, it is understandable that the first priority is to stop the bleeding. Access control does not stop there. CIOs and their staff have to learn to heal these wounds properly by testing the strategies that have been put in place. The recovery plan needs to be tested both on a technological level and a human one. Your staff needs to understand what they can do to mitigate the attack both while and after it has happened. This will help further build that security culture.