COURSE 7 – CYBERSECURITY CAPSTONE: BREACH RESPONSE CASE STUDIES

Module 2: Point of Sale Breach

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Point of Sale Breach

In this module, participants will examine Point of Sale (PoS) breaches and their implications for organizational integrity and security. Through case studies, learners will gain a comprehensive understanding of the impacts these breaches can have on businesses, ranging from financial losses to reputational damage.

This exploration will equip individuals with invaluable insights into the intricacies of cybersecurity, fostering proactive strategies to mitigate risks and safeguard organizational assets in an increasingly digital landscape.

Learning Objectives

  • List cybersecurity measures implemented to combat attacks such as those used in the Target and Home Depot breaches
  • Describe the cost and impact of the Home Depot PoS breach
  • Identify vulnerabilities exploited in the Home Depot PoS breach
  • Summarize the timeline of the Home Depot PoS breach
  • List best practices for preventing PoS breaches
  • Explain what happens to information stolen in a PoS breach
  • Identify the different types of PoS malware
  • Explain how malware infects PoS devices
  • Describe PoS systems, including their security standards
  • Explain the objective of a Point-of-Sale (PoS) breach

INTRODUCTION TO POINT OF SALE ATTACKS KNOWLEDGE CHECK

1. True or False. There are more successful PoS attacks made against large online retailers than there are against small to medium-sized brick-and-mortar businesses.

  • True
  • False (CORRECT)

2. Which is the standard regulating credit card transactions and processing?

  • PCI-DSS (CORRECT)
  • Sarbanes-Oxley (SOX)
  • GDPR
  • NIST SP-800

3. Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)

  • Cardholder data may not reside on local PoS devices for more than 48 hours
  • Protect stored cardholder data (CORRECT)
  • Install and maintain a firewall configuration to protect cardholder data (CORRECT)
  • Do not use vendor-supplied defaults for system passwords and other security parameters (CORRECT)

4. True or False. A study conducted by the Ingenico Group found that credit card transactions were sufficiently secure as long as all participants were in strict compliance with PCI-DSS standards.

  • True
  • False (CORRECT)

5. What are the two (2) most common operating systems for PoS devices? (Select 2)

  • Windows (CORRECT)
  • Mac i/OS
  • Linux (CORRECT)
  • POSOS

6. If your credit card is stolen from a PoS system, what is the first thing the thief is likely to do with your card data?

  • Use it as part of a larger identity theft scheme
  • Use it to buy merchandise
  • Sell it to a carder
  • Sell it to a distributor (CORRECT)

7. PCI-DSS can best be described how?

  • A voluntary payment card industry data security standard (CORRECT)
  • A provision of the European GDPR that covers payment card data privacy regulations
  • A financial regulation in the United States covering the payment card industry that replaced Sarbanes-Oxley
  • A financial regulation in the United States that supplements Sarbanes-Oxley with missing provisions covering the payment card industry

POINT OF SALE BREACH GRADED ASSESSMENT

1. Which group suffers from the most PoS attacks?

  • Restaurants and small retail stores. (CORRECT)
  • Large online retailers like Amazon.com
  • Social media companies like Facebook and Instagram.
  • Government agencies.

2. Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Build and maintain a secure network and systems (CORRECT)
  • Maintain a vulnerability management program (CORRECT)
  • Protect cardholder data (CORRECT)
  • Require use of multi-factor authentication for new card holders

3. Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)

  • Use and regularly update antivirus software (CORRECT)
  • All employees with direct access to cardholder data must be bonded
  • Encrypt transmission of cardholder data across open, public networks (CORRECT)
  • Develop and maintain secure systems and applications (CORRECT)

4. Which three (3) additional requirements did the Ingenico Group recommend be used to enhance credit card transactions above and beyond the requirements found in PCI-DSS? (Select 3)

  • Mobile Device Management (MDM) (CORRECT)
  • Employee Education (CORRECT)
  • Tokenization (CORRECT)
  • Discontinue use of magnetic strip readers and cards

5. When is credit card data most vulnerable to PoS malware?

  • While stored on the PoS device hard drive
  • While in RAM (CORRECT)
  • After the card data has been received by the credit card processor
  • While in transit between the PoS device and the credit card processing center

6. Which scenario best describes how a stolen credit card number is used to enrich the thief?

  • Credit card thieves use stolen credit cards to buy merchandise that is then returned to the store in exchange for store credit that is sold at a discount for profit
  • Credit card thieves resell stolen card numbers to dark web companies that use call-center style operations to purchase goods on behalf of customers who pay for them at discounted rates using real credit cards
  • Credit card thieves sell stolen credit cards directly to carders using weekly dark web auctions. The carders then encode credit card blanks with the stolen numbers and resell the cards
  • Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise for resale (CORRECT)

CONCLUSION – Point of Sale Breach

In conclusion, the study of Point of Sale breaches and their repercussions on organizations through case studies offers a vital educational opportunity. By examining real-world scenarios, participants can grasp the severity of these security vulnerabilities and the far-reaching consequences they entail.

Armed with this knowledge, individuals are better equipped to devise robust cybersecurity measures, fortifying businesses against potential threats and ensuring the resilience of their operations in an ever-evolving digital environment. Through continued vigilance and proactive strategies, organizations can navigate the complexities of the modern cyber landscape with confidence.