100%(1)1 out of 1 people found this document helpful
This preview shows page 2 - 5 out of 17 pages.
Even Though , target already had current policies in place, six months prior to hackersgetting into their security system . They had began a $1.6 million malware detection tool they purchased from a computer security firm called FireEye. Even with this billion dollar infrastructure, which was much more extensive than other retailers. It still couldn't do muchfor the company because, target failed to act upon their finding in the new security system.Hackers were eventually able to infiltrate Target’s network by using an HVAC. When they gained access, they installed a pair of malware programs. They then sent malware
designed to steal credit card numbers to cashier stations in every domestic Target store. November 30, 2013, FireEye was alerted to the presence of the malware. Target’s security teams in Bangalore were immediately notified of the potential breach. FireEye had the abilityto automatically disable the malware, but Target had turned this feature off. By target turning the feature off, they no longer had any way of being alerted so FireEye also alerted Target on December 2 after hackers released a new version of malware. (Adkins, 2014)Based on the evaluation, the best approach to targets security system . Is to comeup with a security system that alerts the user immediately giving the middle man the op-portunity to find a quick solution to the breach and putting a stop to it right away. Thereare several key leaders since confidentiality is a important factor , it is essential to havedesignated a security officer who would be responsible for coordinating and executingthe program that would protect customers information . This security officer would alsoreport to someone outside of the organization to make sure everything is secure and inline. The officer would also offer classes to current employees , by teaching them how todetect a potential threats to the organization. Thats why it is important develop a risk assessment team who would manage thesecurity program. This team would be one the most important key factors to the organiza-tion because they would identify the risk and would ultimately decide on the appropriate,
most cost effective ways to manage them. The main objective would be to minimize po-tential threats , but not eliminate them . To insure integrity in the organization and to pre-vent data integrity failure an alerting system would be put into place. This system will bedesigned to detect potential threats, and give the risk assessment team options on how toget rid of the threats.Target already has had a bad reputation with immediate response to the breaches.They also claimed that it had suffered a data breach despite its best efforts, but it waslater revealed that it had been alerted more than once about breaches. It was said Targetalso waited six days after it was informed to tell consumers about the hacking attack, andabout a month before it revealed the extent of it. More than 90 lawsuits have been filedagainst Target by both customers and banks, and Target's profit during the holiday shop-ping period dropped 46 percent from the previous year.