Data Breach
Data Breach
Yes, Target ignored security alerts warning them of massive data breach. Target installed FireEye tool to detect malware in their system and hired security specialist team to monitor the system round the clock. It is reported that FireEye detected an exfiltration malware uploaded by hackers and the security specialists received a security breach alert. The security specialists immediately alerted Target’s headquarters, but the warning wasn’t acted upon. Target ignored security alerts from the security team it had contracted to monitor their system.
Based on the video, it is evident that Target allowed the security breach on their system because it never heed to alerts from their cyber security experts and they disabled a part of FireEye. The disabled feature was an automated system whose function was to detect and remove the bad software-the malware. That feature was disabled on the system.
Target took various actions to remedy the situation namely: notifying financial institutions and authorities immediately about the unauthorized access; putting all the necessary resources to fix the security flaw; compensating victims of fraud. In addition to these, Target implemented amendments made to the company’s security policies. Those changes include: appointing information security chief, acquiring data security program that will develop metrics to determine the system’s security and keep record of possible security risks, and train the employees on systems security.
Legally, the measures taken by Target were enough because they compensated hacking victims and changed their security policies to shield their system from future security breach. They contained they breach and installed a security program that monitors the whole system for security risks.
Steps Target could have used to prevent information theft was to use more than one anti-malware/spyware protection, offer system security training to its employees and update their system software . Another step was to use encryption. Encryption does not protect against personal information being stolen: rather, it aims to render any information that lands into wrong hands incomprehensible thus useless.
Procedure to protect personal information is to 1) identify information requiring encryption 2) determine useful lifetime of the information data identified 3) appropriately choose encryption technology to be used 4) set procedures and policies detailing how these data and encryption technology are modified and destroyed 5) identify the key access criteria to be used in encryption and decryption process 6) install the best encryption technology 7) create key escrow and keys mechanisms 8) train users on how to detect anomalous activity with their account.
References
Epstein, R. A., & Brown, T. P. (2008). “Cybersecurity in the Payment Card Industry,”. University of Chicago, 203-223.
Joerling, J. (2010). “Data Breach Notification Laws: An Argument for a Comprehensive Federal Law to Protect Consumer. Washington University Journal of Law and Policy, p.485.
Radichel, T. (2014, August 5). Case Study: Critical Controls that Could Have. SANS Institute, pp. 7-25.
Place an Order
Plagiarism Free!
Create an Account
Create an account at Top Tutor Online
- Allows you to track orders.
- Receive personal messages.
- Send messages to a tutor.
Post a Question/ Assignment
Post your specific assignment
- Tutors will be notified of your assignment.
- Review your question and include all the details.
- A payment Link will be sent to you.
Wait for your Answer!
Make payment and wait for your answer
- Make payment in accordance with the number of pages to be written.
- Wait for your Answer as a professional works on your paper.
- You will be notified when your Answer is ready.