95-722 Digital Transformation
Case Study Analysis: Security Breach at TJX
Submitted By: Team 7
Mary Ann Jacob
Pallavi Thakur
Prasoon Paliwal
TO: Owen Richel, Chief Security Officer, TJX
FROM: Mary Ann Jacob, Pallavi Thakur, Prasoon Paliwal
SUBJECT: Recommendation for strengthening IT post security breach at TJX
DATE: April 2, 2017
Problem Statement
IT systems played a crucial role in equipping TJX to be the market leader in North America in the off-price apparel and home fashions retail segment. They were significant in enabling TJX to achieve operational efficiency, price competitively and target customers effectively. Between 2006 and 2007, TJX faced heat due to a major security
The purpose of this recommendation is to improve TJX's compliance with auditing standards and Payment Card Industry (PCI) standards. Each team should be responsible for tracking one standard and should comprise people from different departments. This will help spread awareness of compliance across teams, and these members can educate the employees in their respective departments. These teams can assist the auditor during the audit process and make sure that the key aspects are monitored and checked during the audit. This will also help management and employees realize that security is not just an IT component but a critical business component of the organization. Please refer to Appendix B for the team formation chart and
1. Share information securely
2. Be part of a team to monitor and help with IT security programs

Auditor
1. Ensure that the system is compliant with the standards

Retail Store Personnel
1. Make sure systems are not mishandled

IT Department
1. Make sure that systems are secured, software is updated, and data is transmitted securely
2. Educate employees about IT security threats
3. Ensure technical adherence to standards

Higher Management
1. Ensure that the security is
2. Allocate sufficient budget for IT security
3. Make IT security a key aspect of the organization

Owen Richel
1. Ensure proper standards and measures are followed
2. Mentor and supervise the team
3. Make sure that only relevant information is stored in databases
4. Monitor KPIs to track the processes