A Case Study of the Capital One Data Breach
In an increasingly regulated world, with companies dedicating a large part of their budgets to cyber security protections, why have all of these protection initiatives and compliance standards not been enough to prevent the leak of billions of data points in recent years? New data protection and privacy laws and recent cyber security regulations, such as the General Data Protection Regulation (GDPR) that went into effect in Europe in 2018, demonstrate a strong trend and growing concern about how to protect businesses and customers from the significant increase in cyberattacks. Does the flaw lie in the existing compliance requirements or in how companies manage their protections and enforce compliance controls? The purpose of this research was to answer these questions by means of a technical assessment of the data breach incident at Capital One, one of the largest financial institutions in the U.S. This case study aims to understand the technical modus operandi of the attack, map out the exploited vulnerabilities, and identify the related compliance requirements that existed, based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, version 1.1, an agnostic framework widely used in the global industry to provide cyber threat mitigation guidelines. The results of this research and the case study will help government entities, regulatory agencies, and companies to improve their cyber security controls for the protection of organizations and individuals.
Year of publication: | 2020 |
---|---|
Authors: | Novaes Neto, Nelson |
Other Persons: | Madnick, Stuart (contributor) ; Moraes G. de Paula, Anchises (contributor) ; Malara Borges, Natasha (contributor) |
Publisher: | [2020]: [S.l.] : SSRN |
freely available
Extent: | 1 online resource (21 p) |
---|---|
Series: | |
Type of publication: | Book / Working Paper |
Language: | English |
Notes: | According to information from SSRN, the original version of the document was created March 1, 2020 |
Other identifiers: | 10.2139/ssrn.3570138 [DOI] |
Source: | ECONIS - Online Catalogue of the ZBW |
Persistent link: https://www.econbiz.de/10012837711
Similar items by person
- Institutions for Cyber Security: International Responses and Global Imperatives
  Choucri, Nazli (2014)
- Huang, Keman (2021)
- Measuring Innovation Using Bibliometric Techniques: The Case of Solar Photovoltaic Industry
  Vidican, Georgeta (2009)