SEC571
Week 2
Organization Profile and Problem Statement
By:
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Cybersecurity Risks and Solutions for Victoria's Secret: API Endpoint Case Study, Assignments of Computer Security
A case study analyzing cybersecurity risks associated with insecure api endpoints within victoria's secret & co.'s digital infrastructure. It identifies vulnerabilities, threats, and potential impacts, providing a comprehensive problem statement and outlining the need for remediation. The document serves as a valuable resource for understanding cybersecurity challenges in the retail industry and exploring practical solutions to mitigate risks.
Typology: Assignments
2024/2025
1 / 11
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download Cybersecurity Risks and Solutions for Victoria's Secret: API Endpoint Case Study and more Assignments Computer Security in PDF only on Docsity!
SEC
Week 2
Organization Profile and Problem Statement
By:
Rubric
Criteria Total
Selection of Organization 10
Identification of products and services 10
Analysis of potential improvements 10
Problem statement 15
Total 45
(https://www.victoriassecretandco.com/our-
company/about-us)
Services
- E-Commerce^ Platform
- Order Management and Online shopping via VS&Co. website
- Mobile^ Application
- Mobile app containing loyalty rewards, digital wallet, deals, and personalized shopping experience per user
- In-Store^ Services
- Buy Online, pickup in store, Try in store and order a specific color, size, or style and have it shipped to your home.
- Loyalty^ and Rewards Program
- Personalized^ discounts, offers and rewards
- Marketing^ and Analytics
- Analysis^ of customer data to provide targeted marketing
- Customer^ Account Management
- User^ account that stores personal information, payment information, order history, and other account preferences
- Store associates can be targeted by phishing attacks in attempts to steal credentials.
Security Vulnerabilities and Threats
- Marketing^ and Analytics
- Insider^ Threats
- (^) Employee may unintentionally misuse sensitive data.
- Data^ Privacy/Compliance Risks
- (^) Improper
- Insider^ Threats
handling of personal data resulting in non-compliance of regulations.
- Customer^ Account Management
- Session^ Hijacking
- (^) An attacker can take over an active user session resulting in loss of
- Session^ Hijacking
customerdata or other
sensitive information.
- Poor^ Authentication
- (^) Poor passwords and/or lack of MFA can allow an attacker to gain control over a customer
Purpose Statement
- The main objective of this technical report is to present a complete solution to lessen the risks associated with insecure API endpoints within (^) digital services at VS&Co. By identifying this vulnerability and producing a defense plan, this report will help provide VS&Co. with the ability to protect customer data and strengthen its cybersecurity infrastructure.
Problem Statement
- VS&Co. is facing a crucial cybersecurity risk due to insecure API endpoints within its digital infrastructure. Without the remediation of this vulnerability the company can be impacted by data breaches, disruption of services, unauthorized access, etc. If not addressed promptly this could result in a loss in revenue and customer confidence. Not to mention potential loss of data or damage to digital infrastructure.