Preventing Data Breaches by Proactive Data Mining

Abstract

This thesis provides an answer to the question: How can proactive data mining of security events help prevent data breaches of credit card data in a PCI DSS compliant environment? The credit card environment is sketched and covers the three actors in a credit card transaction (Cardholder, Merchant and Banks). PCI-DD is discussed together with the various other standards created by the PCI Security Council. The concept data breach is elaborated on and 15 indicators are discussed which should notify a possible breach as early as possible. A method is created that consist of four steps (Identify Data, Map Indicators, Data Mining & Follow-up) that will assist organizations in preventing data breaches. Vulnerability management, by periodically performing vulnerability assessments is necessary for organizations to have a secure basis. An evaluation of the indicators and method concludes this research.