Identify five mitigations that Wyndham could have implemented


Problem

Wyndham Worldwide Corporation, which owns a global chain of hotels and resorts, suffered three data breaches in 2008 and 2009. Those breaches compromised the credit card information of more than 619,000 Wyndham customers.

The data breaches took place when hackers invaded the network of one of Wyndham's subsidiary companies. The entire Wyndham Hotel franchise used a common database system to collect customer information. In the first breach, hackers were able to gain access to Wyndham's corporate network via the subsidiary. In that breach, they installed memory-scraping malware on the Wyndham network servers and accessed consumer files in the common database system. In the attack, more than 500,000 credit card numbers were exported to a Russian website.

The second breach took place almost a year later and used many of the same techniques used in the first breach. The hackers again installed memory-scraping malware. They also reconfigured software to obtain clear text files of credit card numbers for Wyndham guests. The third breach took place about six months after the second breach, again using many of the same techniques as the first breach.

The Federal Trade Commission (FTC) investigated Wyndham's security practices following the breaches. The FTC argued that Wyndham's privacy policy said that it took reasonable security measures to protect customer information. The FTC said that because Wyndham had been breached, these data security practices were deceptive and unfair.

In its complaint, the FTC alleged that much of the customer information in the Wyndham database was not encrypted, including credit card information. The FTC also alleged that Wyndham didn't have adequate firewalls, didn't patch its IT systems regularly, and allowed the use of default usernames and passwords to access its IT infrastructure.

Task

a) Identify three to five PCI DSS requirements that Wyndham is alleged to have violated.

b) Identify three to five mitigations that Wyndham could have implemented to prevent the same losses from occurring again.
