Target Learning Recap version 2
School: Northeastern University
Course: 6204
Subject: Information Systems
Date: Apr 3, 2024
Uploaded by DoctorCheetah9406
TARGET RECAP OF LEARNINGS
The Target case highlights key learnings specific to the subject matter of Cybersecurity. Target’s experience should help your organization be better prepared around the People, Process and Technology (PPT) of this important area.
Subject Matter Specifics
Scope. Cybersecurity is, first and foremost, a business risk that needs to be managed no differently than any other business risk. Enterprise Risk types include financial, reputational, strategic and operational. Cybersecurity is one example of an operational risk and, as such, can cause the failure of the company’s day-to-day operations (in Target’s case, the loss of revenue and customer trust from a failure of its credit payment processes). When viewed in this way, companies can incorporate the existing organization, governance, oversight, expertise and policies available for business risks, thus bringing Cybersecurity into the risk management arena.
Cybersecurity Responsibilities. Cybersecurity needs to be addressed at all levels and across all functions of a company wherever Information Technology is utilized to enable business operations. The IT function must take a leadership role to use technology to prevent, detect, and mitigate breaches as well as to educate and collaborate with other business functions to ensure ALL business processes are fortified toward protecting a company’s information assets.
Information Assets. Companies must prioritize information assets to assess the risk likelihood as well as the impact of a breach. Industry-specific priorities may be different, with these priorities driving different protection levels (e.g. email-low, grades-high at NEU, patient healthcare records high). Therefore the Business must establish associated protection levels based on these risk assessment criteria (likelihood and impact), with IT providing the technical “tools”.
Contextual People, Process and Technology principles of Cybersecurity
People. Depends on the specific industry/company and its organizational institutions:
o Board of Directors. A specific committee must have sole responsibility for the oversight of ALL Risk and Compliance related matters, which includes Cybersecurity.
o Corporate Risk Officer. Typically reporting to either the CEO or COO, ALL risk categories (see “categories” in above section) are in the “wheelhouse” of the CRO.
o Chief Information Officer. Typically reports to the COO or CEO, with responsibility for all of IT.
o Corporate Information Security Officer. The CISO typically reports to the CIO, perhaps with a dotted line to the CRO, and is responsible for all information security related areas.
o Functional leaders. They “own” their respective business processes and, therefore, they own the information used in these processes. As such, they must work with IT to ensure an appropriate level of protection for their information assets.
Processes. Various processes must be in place to identify, assess, and mitigate this risk.
o Prevention. Involves designing, implementing, testing and monitoring processes to prevent breaches (technical as well as non-technical capabilities - encryption, network segmentation, user training, management education, company procedures, policies, vendor/partner interaction (Target really blew this one!), auditing, etc.)
o Incident Response. Involves having documented plans that are tested on a frequent basis to respond to actual breaches. It includes incident identification, monitoring, reporting, remediation, all designed to minimize the impact of an actual breach.
Technology. All the hardware, software and networks utilized to support cybersecurity. This “IT infrastructure” is the sole responsibility of the IT function to install, operate and monitor.