Question: Answer questions -- At least 125 words per answer -- Please use your own words (no copying from the internet). Thank you!
On September 8th, 2014, Home Depot released a statement indicating that its payment card systems were breached. They explained that the investigation started on September 2nd and they were still trying to discover the actual scope and impact of the breach. Home Depot explained that they would be offering free credit services to affected customers who used their payment card as early as April of 2014 and apologized for the data breach. They also indicated that their Incident Response Team was following its Incident Response plan to contain and eradicate the damage and was working with security firms for the investigation ("The Home Depot, Inc. - News Release," 2014). This is one of many retail breaches that have occurred and will continue to occur until retailers become proactive in safeguarding their environments.
Home Depot was one of the many victims of a retail data breach in 2014. Unfortunately, the methods the attackers used to infiltrate the POS networks and steal the payment card data were the same methods used in the Target data breach. The attackers were able to gain access to one of Home Depot's vendor environments by using a third-party vendor's logon credentials. Then they exploited a zero-day vulnerability in Windows, which allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment. Once they were in the Home Depot network, they were able to install memory scraping malware on over 7,500 self-checkout POS terminals (Smith, 2014). This malware was able to grab 56 million credit and debit cards. The malware was also able to capture 53 million email addresses (Winter, 2014). The stolen payment cards were put up for sale and bought by carders. The stolen email addresses were helpful in putting together large phishing campaigns.
1a) Taking a look at the intangible and tangible assets, correctly identify the assets critical to the organization and provide reasoning that explains why they are critical assets. Assign dollar values to the critical assets. This may require additional market research.
1b) Talk about what the risk appetite of the organization is and what it is based on, using the information in the case study. Show a revised/improved risk appetite that you would recommend as a starting point for Home Depot if you were acting as an outside risk consultant. Justify your reasoning for why this revised risk appetite is an improvement.
