Certified Information Privacy Technologist (CIPT) — Question 27
Between November 30 and December 2, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to protect against such an attack.
Which of the following would best explain why the retailer's consumer data was still exfiltrated?
Answer options
- A. The detection software alerted the retailer's security operations center per protocol, but the information security personnel failed to act upon the alerts.
- B. The U.S. Department of Justice informed the retailer of the security breach on Dec. 12th, but the retailer took three days to confirm the breach and eradicate the malware.
- C. The IT systems and security measures utilized by the retailer's third-party vendors were in compliance with industry standards, but their credentials were stolen by black hat hackers who then entered the retailer's system.
- D. The retailer's network that transferred personal data and customer payments was separate from the rest of the corporate network, but the malware code was disguised with the name of software that is supposed to protect this information.
Correct answer: A
Explanation
The correct answer is A because the failure to act on alerts from the detection software indicates a lapse in security response protocols. Options B and C do not address the immediate failure of security measures in detecting and responding to the malware, while option D incorrectly suggests that the separation of networks negated the risk posed by the disguised malware.