Target in one of the largest data breaches ever


Target. In one of the largest data breaches ever reported, hackers stole credit and debit card records from more than 40 million Target customers, as well as personal information like email and mailing addresses from some 70 million people (Granville, 2015). The breach was caused by malware installed on the company's networks that siphoned away customer information.

Risk Management

The risk management system of CCS International presents industry standards, guidelines, and practices in a manner that allows for communication of cyber security activities. This communication trail is designed by CCS International to reach across the organization from the executive level to the implementation/operations level. The framework of our risk management system consists of five concurrent and continuous functions. These functions are to:

1. Identify the threat.
2. Protect the network.
3. Detect all compromises.
4. Respond to the threat.
5. Recover lost, stolen, and/or corrupted data (NIST, 2015).

When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cyber security risk.

How Risk Management Helps

To manage risk, organizations should understand not only the likelihood that an event will occur, but also the ramifications of its impact (NIST, 2014). With this information, CCS International can assist organizations in determining the acceptable level of risk for delivery of services and can express this as their risk tolerance.

With an understanding of risk tolerance, organizations can prioritize cyber security activities. This prioritization will enable them to make informed decisions about cyber security expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cyber security programs (NIST, 2014).

Our framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cyber security. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cyber security activities that reflect desired outcomes (NIST, 2014). Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cyber security risk management for the IT and ICS environments.

Recommended Security Practices

Our cyber security team understands the benefits of using applications. The use of these applications allows organizations to function and be productive. However, they also put sensitive data at risk.

Monitor Applications with Access to Data

When protecting critical information, the usual strategy involves putting up firewalls and building your infrastructure around the data you want to protect. However, applications are then given access, around the firewall, to this data. When hackers look to steal your data, they won’t try to hammer their way through your firewall; they will look for the least secure system, typically an application, with access to the data they need (Vlachos, 2015).
