Target Case Analysis Example 1
School: Northeastern University
Course: 6204
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 2
Uploaded by: DoctorCheetah9406
Case: Target
3/20/24
1. "Who Should Take the Fall."
While a multitude of factors led to the Target data breach, and the CIO, CEO, and Board of Trustees share equal responsibility, CIO Beth Jacob should be fired because of the lack of reaction from the US security team when FireEye notified it of the breach. Overseeing both parties puts her the most at fault. Although in some cases, as seen in the article "Who Should Take the Fall," no one is at fault and such scapegoating can shift the blame away from the hackers and onto the company, the negligence in security is too much to ignore, especially when the FireEye team sent multiple warnings ahead of time.
2. A. Prevention of the breach
People: The US team ignored multiple FireEye alerts, treating them as false positives and setting a dangerous precedent.
Process: No set processes or communication channels were in place in the event that a data breach did happen.
Technology: Lack of two-factor authentication, which was standard for the PCI (payment card industry).
2. Prevention Recommendations
Target got far too complacent and was not prepared to prevent a breach because of its lax approach, the lack of governance from executives, and its disregard for audit measures as a whole. A proper restructuring and outlining of responsibilities is well overdue for Target.
B. Breach Response: The full story: Target's customers, BOD and shareholders
Facts:
- Hackers installed malware and data was breached
- 40 million credit and debit card records stolen
- An additional 70 million records stolen
Causes:
- Lack of attention to detail by the US-based security team when FireEye raised the warning
- Rushed planning by higher-ups
Resolutions:
- Customer and bank lawsuits
- Third-party investigations
2. How could this poor response have been avoided?
The poor response could have been avoided with proper procedures and planning in place, backed by a solid structure. A large pain point in the response was the customer experience: call centers were not prepared for the sheer volume of call-ins, leaving many customers disgruntled and worried about their privacy and security.
3. A. Information Security is a key part of the new Risk and Compliance Committee charter because it acknowledges past experiences with data breaches and highlights the importance of doing better to provide protection and, if necessary, incident response.
BOD Oversight Steps
Understand Cyber Risk
  Example 1: Target could follow standard protocol for security measures and introduce two-factor authentication.
  Example 2: Heightened awareness of cyber security among all executives at Target.
Evaluate Approach
  Example 1: Creation of the Target Risk and Compliance Committee.
  Example 2: The CIO needs to be at the forefront and work with cyber risk programs.
Prioritize Cyber Risks
  Example 1: Better evaluation tactics in determining what needs to be protected, including segmentation at Target.
  Example 2: Target needs to comprehend the fallout beyond lost revenue, including potential lawsuits.
Technology Roadmap
  Example 1: Target should expand beyond FireEye and have a strategy alongside it.
  Example 2: Real-time security updates and increased event monitoring, especially around peak shopping periods.
Testing Response Plan
  Example 1: Target should have better prepared its call centers.
  Example 2: Target should have had better statements from executives.