NEED STATEMENT OF POLICY ADDED TO MY PAPER


Intro to Information Assurance

Module 3

Chaston Carter

04/17/17

Target Corporation



Target has had many ethical challenges over the years, but one of the biggest it has encountered was a credit and debit card data breach thought to have exceeded $700 million, which was the biggest retail hacking in U.S. history to date. While this is serious, what is even more serious is that Target had clear warning signs that hacking was occurring, but due to the lack of action the hacking continued within the organization. It was estimated that close to 70 million people had their personal data stolen. That information consisted of names, mailing addresses, phone numbers and email addresses. Not only was personal information shared, but a lot of people also encountered unauthorized charges on their credit or debit cards. The organization was shocked at the number of people affected by this attack.


I had only 10 days to implement changes to Target's security policies to prevent this from happening again. The ultimate goal was to come up with quick solutions to this problem. My first goal was to develop a written information security program, which would ultimately document potential security risks, since the confidentiality of customers' information is an important key factor. The goal of the response to the credit card breach is to prevent customers' information from getting stolen. We can start eliminating the problem by offering security training to current workers; this would not only educate them, but they would also learn the importance of safeguarding personal information and when to be alert to potential threats. To ensure integrity in the organization, a system must be put in place to detect any changes in data that might cause the server to crash when making a purchase, or interfere when a customer makes a purchase at a Target store.

To ensure availability at Target Corporation, we would maintain all possible customer information; to prevent any data from being lost, data could be stored in an isolated, protected location. One of the main issues with the credit cards hacked in the breach was that when the cards were swiped, the magnetic strip on the back contained unchanging data. Whoever accessed the data got hold of the information necessary to make purchases, which eventually made traditional cards prime targets for counterfeiters. The problem with Target Corporation is that it had no real structure for being alerted when there was suspicious activity in a customer's account. The main objective of this information assurance plan is to develop an alerting system that will alert a middle man when there is suspicious or unusual activity in a customer's account.


Target already had policies in place six months prior to hackers getting into its security system. It had begun using a $1.6 million malware detection tool that it purchased from a computer security firm called FireEye. Even with this billion dollar infrastructure, which was much more extensive than other retailers', it still couldn't do much for the company because Target failed to act upon the findings of the new security system. Hackers were eventually able to infiltrate Target's network by using an HVAC. When they gained access, they installed a pair of malware programs. They then sent malware designed to steal credit card numbers to cashier stations in every domestic Target store. On November 30, 2013, FireEye was alerted to the presence of the malware. Target's security teams in Bangalore were immediately notified of the potential breach. FireEye had the ability to automatically disable the malware, but Target had turned this feature off. Because Target had turned the feature off, it no longer had any way of being alerted, so FireEye also alerted Target on December 2 after hackers released a new version of the malware (Adkins, 2014).


Based on the evaluation, the best approach to Target's security system is to come up with a security system that alerts the user immediately, giving the middle man the opportunity to find a quick solution to the breach and put a stop to it right away. There are several key leaders. Since confidentiality is an important factor, it is essential to designate a security officer who would be responsible for coordinating and executing the program that would protect customers' information. This security officer would also report to someone outside of the organization to make sure everything is secure and in line. The officer would also offer classes to current employees, teaching them how to detect potential threats to the organization.


That's why it is important to develop a risk assessment team that would manage the security program. This team would be one of the most important key factors for the organization because it would identify the risks and ultimately decide on the appropriate, most cost-effective ways to manage them. The main objective would be to minimize potential threats, but not eliminate them. To ensure integrity in the organization and to prevent data integrity failure, an alerting system would be put into place. This system will be designed to detect potential threats and give the risk assessment team options on how to get rid of the threats.

Target has already had a bad reputation for its immediate response to the breaches. It also claimed that it had suffered a data breach despite its best efforts, but it was later revealed that it had been alerted more than once about breaches. It was said that Target also waited six days after it was informed to tell consumers about the hacking attack, and about a month before it revealed the extent of it. More than 90 lawsuits have been filed against Target by both customers and banks, and Target's profit during the holiday shopping period dropped 46 percent from the previous year.


Since a lot of customers were left out of the loop, Target came up with the solution of sending customers emails with general security tips and offering them one year of free credit monitoring and identity theft protection. Additionally, the CEO assured customers that they would not be held liable for any fraudulent charges made to their credit cards as a result of the hack. Customers were offered 10 percent off in-store purchases following the data breach.


The best solution thus far was Target's announcement that it would begin to release credit and debit cards with chips instead of magnetic strips on the back of the cards by 2015. It had invested over $100 million in registers and technology that will be able to read the new chip cards.

As a result of the huge percentage of customers lost, CEO Gregg Steinhafel stepped down.





















References:

Kossman, S. (2016, February 02). 8 FAQs about EMV credit cards. Retrieved April 21, 2017, from http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php

Daniels Fund Ethics Initiative, University of New Mexico. (n.d.). Target: Putting Customers First? Retrieved from http://danielsethics.mgt.unm.edu