- Title
A CASE STUDY OF THE CAPITAL ONE DATA BREACH: WHY DIDN'T COMPLIANCE REQUIREMENTS HELP PREVENT IT?
- Authors
Novaes Neto, Nelson; Madnick, Stuart; de Paula, Anchises Moraes G.; Borges, Natasha Malara
- Abstract
In an increasingly regulated world, with companies prioritizing a big part of their budget for cyber security protections, why have all of these protection initiatives and compliance standards not been enough to anticipate the leak of billions of data points in recent years? New data protection and privacy laws and recent cyber security regulations demonstrate a strong trend and growing concern on protecting businesses and customers from cyberattacks. The purpose of this research was to understand if compliance requirements would help prevent a major data breach incident at Capital One, one of the largest financial institutions in the U.S. This case study aims to understand the technical modus operandi of the cyberattack, map out exploited vulnerabilities, and identify the related compliance requirements that existed, based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, an agnostic security framework widely adopted by the global industry to provide cyber threat mitigation guidelines. The results of this research and the case study will help government entities, regulatory agencies, and companies to improve their cyber security controls for the protection of organizations and individuals.
- Subjects
DATA security failures; DATA security; COMPUTER crimes; COMPUTER system failures; DATA protection
- Publication
Journal of Information System Security, 2021, Vol 17, Issue 1, p49
- ISSN
1551-0123
- Publication type
Article