Target also decided to use a role-based access control list because of the flexibility it creates in granting and revoking user access based on specified roles within the organization. Users can be granted permissions to objects in terms of the specific duties they must perform and not according to a security classification associated with the individual objects (Rouse, 2012).
Finally, implementing separation of duties helps Target manage conflict of interest and fraud by restricting the power held by any one individual. This provides checks and balances, limits the harm that can be caused by a single individual, and reduces the organization's exposure to damage (Conklin & White, 2015).
Maintaining Information Assurance Plan
Target understands that maintaining this information assurance plan will involve every member of the organization and will require day-to-day monitoring so that it stays effective and relevant in improving their network security. Management therefore created some critical steps and programs that will enforce daily maintenance and continuous implementation of the plan.
Security Awareness Programs: Target management decided to implement monthly security meetings to talk about security policies, risks, and incident assessments performed for the organization. The awareness program serves as a monthly refresher on the daily security risks facing the organization and creates continuous awareness of relevant security incidents that have occurred within their organization or industry (Kadam, 2002).
Monitor and Review Security Performance: Since the implementation of an information assurance policy is not a one-time event, Target created controls to monitor and review the performance of the plan, to ensure that it is still serving the purpose for which it was created (Kadam, 2002).

Quarterly Audits: Target's IT department also set up quarterly audits with an external auditor to review the various performance controls in place, gather performance results, document all nonconformities that will require corrective actions, and identify new threats (Kadam, 2002).
Management Review: These review meetings will be conducted to revisit issues, analyze audit reports, and take decisive actions, whether to keep the information assurance plan as is or to recommend improvements in order to accommodate the newly identified threats (Kadam, 2002).
Justification of Maintenance Plan
The importance of these maintenance steps is that they help to periodically assess risks, identify new risks, and measure the effectiveness of the program. Periodic audits are important because they serve as compliance controls that help the organization monitor compliance with the plan. They also help assess new risks, which gives management the most up-to-date information concerning the risks facing their organization and helps determine the proper corrective actions to be taken in order to ensure the most adequate security controls are implemented.

