Milestone 4
In Milestone 4 you are going to create a PowerPoint presentation that evaluates your previous 3 milestones. The PowerPoint presentation is a minimum of 8 slides that analyze all the major findings from your research. The title and reference slides do not count toward the presentation. You must properly APA format the slides. Utilize all the guidance from the residency to develop your PowerPoint presentation.
Note: Previous Milestones 1, 2 and 3 are attached to the work.
Running head: Capital One 1
Preventing Capital One Breach
Name: Rakesh Kalumula
Id: 002836752
The administrative factors that led to the security incident at Capital One left open many
questions about how the intruder got in without the administration noticing. The Capital One
data breach investigation identified a Seattle resident by the name of Paige Thompson. She was
involved in the computer fraud that gave her access to about one hundred million credit card
applications and to other data, which was made possible through the misconfigured firewall
(Novaes Neto, 2020).
Thompson executed a command which retrieved all the security credentials for the
administration account, which enabled her to copy more than seven hundred folders that were
hosted by Amazon, creating confusion about how all this was done without the knowledge of
the administration. The administrative factors that were not secured led to this breach because
Capital One was not repeatedly monitoring the credit cards and identifying protections for its
members. Freezing of credit cards should be carried out to ensure that if someone else tries to
access other people's accounts, they will have to give passwords in order to access them. The
administration should also be proactive about cybersecurity and educate its members about
cyber-attacks (Rao, 2016).
The physical control factor that led to this breach was that the organization did not perform
enough monitoring of its services. If the organization had done this, it would have noted that
it was being attacked. Hence organizations are supposed to use available tools or monitor their
systems consistently and diligently, because they are not supposed to assume data integrity
(Vorobiev, 2017).
Some of the technical issues that affected the Capital One organization were that they did not
use an appropriate software-defined perimeter type of technology. They assumed they would not
have problems, which led them not to close their cloud environment and software as a service for
access through their own devices, locations, and users. Avoiding all these technical issues will
never be an effect on the Capital One breach or to any organization (Novaes Neto, 2020).
Organizations should also be aware of their weaknesses and strengths. They should be able to fix
their weaknesses so that they won't be known to outside people or hackers. This will be of
benefit since the hackers will not be able to use those weaknesses against them to cause
breaches to an organization (Rao, 2016).
REFERENCES
Novaes Neto, N., Madnick, S., de Paula, M. G., & Malara Borges, N. (2020). A Case Study of
the Capital One Data Breach (Revised).
Vorobiev, E. G., Petrenko, S. A., Kovaleva, I. V., & Abrosimov, I. K. (2017, May). Analysis of
computer security incidents using fuzzy logic. In 2017 XX IEEE International
Conference on Soft Computing and Measurements (SCM) (pp. 369-371). IEEE.
Rao, B. T. (2016). A study on data storage security issues in cloud computing. Procedia
Computer Science, 92, 128-135.
Running head: MITIGATION OF SECURITY INCIDENT 1
Mitigation of Security Incident
Name: Rakesh Kalumula
Student Id: 002836752
Mitigation of Security Incident
Information technology has taken the world by storm, with an unprecedented pace in the
applications being conducted. Numerous benefits have come with the use of these technologies,
with companies resorting to them to achieve their milestones. However, some disadvantages have
come with these advances; data breach cases have been rampant, with the Capital One case being
the most vivid in this regard. The digital fraud that led to external access, putting the data
of more than a hundred million clients at risk, meant that the impact was devastating.
Therefore, this paper calls for some of the most effective ways in which the incident would be
mitigated and the damage prevented from taking place.
First, the Capital One incident would have been prevented by the use of zero-trust
technology coupled with a software-defined technology that only allows authorized individuals.
This is the first measure that should be considered in organizations of this caliber due to the
advances that have taken place in the world (Torkura et al., 2019, September). The organization
has employed people from different walks of life, and it is only through the use of strict
control and monitoring of digital devices that the management will be able to identify any
malicious activities and prevent further damage from taking place. This would also mean that
employees can only access areas that they are allowed to, hence limiting the chances of
unknowingly breaching the facility's data.
Secondly, the company should assess the damage, identify the clients whose data was
breached, and initiate appropriate measures. In this regard, it would be important that the
company's clients are trained in the best ways of having strong passwords. The passwords should
be strong enough to prevent any entry by an intruder at any time. This would also entail
training the clients on why they have to keep their passwords secret and not share them with
anybody, so that they can avoid similar incidents that would put their data at risk
(Chowdhury, Lau & Pittayachawan, 2019).
Thirdly, nothing should be left to chance. The Capital One incident will be mitigated by
having in place credit monitoring for all the affected clients. It's not clear if the data was
used in the breach, but the management should not ignore anything at this level. As a result,
both the management and the clients will have to work hand in hand to ensure that there is no
future data breach. The use of sites like Credit Karma should make it easy to identify and
notify the client of any activity taking place. Therefore, through the use of these alerts the
client and the management should be able to remain updated on any of the activities taking
place and initiate appropriate measures whenever required.
Besides that, the company also advocates for the freezing of credit accounts to help in
the mitigation of the security incident. This will give the fraudsters a hard time accessing
the account, but it's not a guarantee that the account is secured. This is because, with access
to one's driving license or any official document, one is likely to be allowed to access the
account without the owner's consent. Therefore, this is not the most appropriate measure that
can be applied at this level, but it helps in delaying the attack from taking place.
Finally, the overall mitigation measure for such incidents is being alert on all fronts.
Both the clients and the management team have to be alert; this is an issue that requires
collective responsibility. As technology advances, the management of these vices becomes
complex. Therefore, to effectively manage and prevent such incidents from taking place, it's
critical that they all remain alert and always upgrade their software systems with the changes
taking place in the sector (Torkura et al., 2019, September).
In summary, the Capital One breach is an incident that would have been prevented if
appropriate security measures were considered. However, due to mistakes committed initially,
there must be the use of appropriate mitigation measures to prevent such incidents in the future.
References
Chowdhury, P., Lau, K. H., & Pittayachawan, S. (2019). Operational supply risk mitigation of
SME and its impact on operational performance. International Journal of Operations &
Production Management.
Torkura, K. A., Sukmana, M. I., Cheng, F., & Meinel, C. (2019, September). SlingShot-Automated
Threat Detection and Incident Response in Multi Cloud Storage Systems. In 2019 IEEE
18th International Symposium on Network Computing and Applications (NCA) (pp. 1-5).
IEEE.
Running head: SECURITY PROTOCOLS 1
Security Protocols
Name: Kalumula Rakesh
Id: 002836752
CAPITAL ONE
The data breach is an emerging challenge facing individuals, government, and private
sectors due to the advancement of information technology (Manworren, 2016). Data has become
an essential asset in many organizations, and thus hackers increasingly pursue illegal access
to these databases. Organizations have turned their effort to securing the information system;
however, this effort has been undermined by various factors such as advanced technology that
empowers hackers, inside malice, weak systems, and irresponsible users. Inside malice is one of
the main contributors to a security breach; in this, unauthorized access to the database
is facilitated by trusted people, making it hard to manage. The Capital One data breach is a
robust example of inside malice.
The Capital One hack was conducted between March 22 and 23 in 2019; the breach
was detected in June 2019. The system hacker gained access to the customer information of
almost 106 million clients and applicants. According to the report released by Capital One
management, the breach facilitated the compromise of data related to clients' credit card
applications from 2005 to 2019 (Colby, 2019). The personal data exposed includes names, dates
of birth, credit scores, addresses, social security numbers, and transactional data. In a quick
response, the firm notified the clients whose data were exposed and canceled all the credit
cards that were believed to be exposed.
The data breach was conducted by a former Amazon Web Services software engineer, Ms.
Thompson Paige. At the time of the attack, AWS hosted the Capital One database. FBI
investigators noticed Thompson through her online activities, which indicated suspicious
activity revealing data theft. Further, the investigation revealed that she was behind a
social network group known as Seattle Warez Kiddies that conducted illicit hacking
(Flitter, 2019). The hacker is believed to have been observing the firm's data system while she
was working at AWS and identified the security weakness in the Capital One database.
References
Colby, C. (2019). Capital One data breach: What you can do now following bank hack. Retrieved
May 30, 2020, from
https://www.cnet.com/how-to/capital-one-data-breach-what-you-can-do-now-following-bank-hack/
Flitter, E., & Weise, K. (2019). Capital One Data Breach Compromises Data of Over 100 Million.
New York Times. Retrieved May 30, 2020, from
https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.