Question: Using Home Depot information below please answer: 2a) What are the top ten risks you see within Home Depot. Rank them in order of how

Using Home Depot information below please answer:

2a) What are the top ten risks you see within Home Depot? Rank them in order of how critical the risks are. For each risk, explain your decision as to why each risk is critical to the company.

2b) Make a quantitative risk assessment using the FAIR methodology for the top 3 risks from the above question. Provide the following information for each risk:

  • All tables and continuums associated with the FAIR process
  • All individual values used for each risk analysis
  • How those values were identified (if you did additional research or made assumptions, provide that information)
  • Attach any exports of calculations from your FAIR analysis

3C) For the top three risks you identified and assessed, rank them based on the assessment results

4D) Provide risk treatment recommendations for the three risks based on your analysis and your risk appetite recommendation from above

On September 8th, 2014, Home Depot released a statement indicating that its payment card systems were breached. They explained that the investigation started on September 2nd and they were still trying to discover the actual scope and impact of the breach. Home Depot explained that they would be offering free credit services to affected customers who used their payment card as early as April of 2014 and apologized for the data breach. They also indicated that their Incident Response Team was following its Incident Response plan to contain and eradicate the damage and was working with security firms for the investigation ("The Home Depot, Inc. - News Release," 2014). This is one of many retail breaches that have occurred and will continue to occur, until retailers become proactive in safeguarding their environments.

Home Depot was one of the many victims of a retail data breach in 2014. The unfortunate thing is that the way the attackers infiltrated the POS networks and the way they were able to steal the payment card data were the same methods used in the Target data breach. The attackers were able to gain access to one of Home Depot's vendor environments by using a third-party vendor's logon credentials. Then they exploited a zero-day vulnerability in Windows, which allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment. Once they were in the Home Depot network, they were able to install memory scraping malware on over 7,500 self-checkout POS terminals (Smith, 2014). This malware was able to grab 56 million credit and debit cards. The malware was also able to capture 53 million email addresses (Winter, 2014). The stolen payment cards were put up for sale and bought by carders. The stolen email addresses were helpful in putting together large phishing campaigns.
