Friday, October 4, 2019
T. J. Maxx breach Research Paper Example | Topics and Well Written Essays - 500 words
Due to the TJX breach, not only did TJX suffer, but different banks also had to pay the penalty by reissuing cards to their customers. Gifford (2009, p. 65) states that the WEP protocol was insecure, as it was not encrypted properly. TJX Co. did not apply obfuscation and encryption policies to protect consumer data. The security software purchased by TJX was not implemented correctly by the company's IT department. Weak firewall rules were also a major characteristic of the cyber security incident. TJX had to pay around $80-$100 million as a cost of settlement. Hence, it is important to secure data rather than pay penalties (Matwyshyn, 2009, p. 9).

According to Matwyshyn (2009, p. 10), risk management is an important factor which should be implemented in order to prevent recurrence. This left the attack easier to carry out, as it did not meet any type of hindrance. A chief information security officer should be appointed who knows where the customer data is stored and which third parties have access to it. Matwyshyn (2009, p. 11) suggests that external reports of a breach should be given importance. For example, if a customer gets access to another customer's data on a website and reports it to the company, the report should be checked instead of ignored.

Customer data should be monitored regularly and screened on a regular basis. This helps to keep an eye on how the data is used and to remain up to date. Employee access to data should also be limited. According to Ballad, Ballad and Banks (2010, p. 110), privileges and access to databases should be given only to the people related to the information security of the organization. An eye should be kept on employees who want to access data, harm it or use it for some other purposes.