Identify five mitigation that wyndham could have implemented, Other Subject

+44 141 628 6080
[email protected]

Identify five mitigation that wyndham could have implemented

Problem

Wyndham Worldwide Corporation, which owns a global chain of hotels and resorts, suffered three data breaches in 2008 and 2009. Those breaches compromised the credit card information of more than 619,000 Wyndham customers.

The data breaches took place when hackers invaded the network of one of Wyndham's subsidiary companies. The entire Wyndham Hotel franchise used a common database system to collect customer information. In the first breach, hackers were able to gain access to Wyndham's corporate network via the subsidiary. In that breach, they installed memory-scraping malware on the Wyndham network servers and accessed consumer files in the common data database system. In the attack, more than 500,000 credit card numbers were exported to a Russian website.

The second breach took place almost a year later and used many of the same techniques used in the first breach. The hackers again installed memory scraping malware. They also reconfigured software to obtain clear text files of credit card numbers for Wyndham guests. The third breach took place about six months after the second breach, again using many of the same techniques as the first breach.

The Federal Trade Commission (FTC) investigated Wyndham's security practices following the breach. The FTC argued that Wyndham had a privacy policy that said that it took reasonable security measures to protect customer information. The FTC said that because Wyndham had been breached, these data security practices were deceptive and unfair.

In its complaint, the FTC alleged that much of the customer information in the Wyndham database was not encrypted, including credit card information. The FTC also alleged that Wyndham didn't have adequate firewalls, didn't patch its IT systems regularly, and allowed the use of default usernames and passwords to access its IT infrastructure.

Task

a) Identify three to five PCI DSS requirements that Wyndham is alleged to have violated.

b) Identify three to five mitigations that Wyndham could have implemented to prevent the same losses from occurring again.

Request for Solution File

Ask an Expert for Answer!!

Other Subject: Identify five mitigation that wyndham could have implemented

Reference No:- TGS03241918

Have a Question? (oR Write a Review)

Recent Questions Asked Other Subject

Q : How were your results similar from what your peers found

Q : Define the terms confusion and diffusion

Q : How does a network-based idps differ from a host-based idps

Q : Which system device must you target for evidence collection

Q : Identify five mitigation that wyndham could have implemented

Q : How to improve information security and personnel security

Q : Discuss the positive and negative challenges faced

Q : What are the prevalence and neurobiology of bipolar i

Q : Prepare a nursing care plan

What is true about global rates of obesity

Preparing for emerging digital health technology

How to reduce swelling and mucus production in airways

Briefly describe the purpose of the nutritional assessment

When preparing to administer sodium nitroprusside

Nurse reviewing high concentrations of methotrexate

Why is nursing theory important in research