.

Sunday, September 29, 2019

About Tjx Assignment

1. List and describe the security controls in place within TJX Companies. Ans: When security upgrades are made available, it’s because they’re necessary, not because software developers have thought up some great new software gimmick. Hackers are able to bypass the old systems too easily, so better security is needed to keep the hackers out. TJX ignored the need for better e-security, and even neglected to install one particular upgrade they had purchased. 2. What management, organization, and technology factors contributed to these weaknesses? Ans: Management: While one may not think of it as a weakness, the management’s reluctance to report the stolen laptop and the contents of the hard drive contributed to the difficulty in finding the laptop before the data was compromised. Organizations: VA operations should have limited the data accessible to the employees to only the data needed in order to effectively do this job. Lack of promoting the sensitivity of the data led to a careless attitude regarding the protection of the data. Technological: At a minimum the data should have been encrypted and password protected. As a practical measure, the laptop should have been protected at the BIOS level if that sensitivity of data was contained. 3. What was the business impact of TJX’s data loss on TJX, consumers, and banks? Ans: TJX faces consumer and bank class action lawsuits over the exposure of as many as 100m customer records as the result of a security breach that lasted for two distinct six-month periods between 2003 and December 2006. Hackers broke into a system that stored data on credit card, debit card, cheque, and return details in an attack blamed on a poorly secured wireless network in one of its stores. Subsequent credit card frauds have been traced to data swiped as a result of these breaches, and a number of arrests have been made. 4. How effectively did TJX deal with these problems? Ans: Not well enough. The $40. 9 million fund for the banks won’t nearly cover he banks’ losses, and I see too little info in the report about what exactly TJX is doing to prevent this from happening again. I see money being thrown at the problem, but management doesn’t seem to have a clear picture of a real solution. 5. Who should be held liable for the losses caused by the use of fraudulent credit cards in this case? TJX? The banks issuing the credit cards? The consumers? Justify you answer. Ans: Obviously TJX is responsible – their negligent behavior that made them vulnerable to the attacks. The banks and consumers can’t be held responsible – especially the consumers! If consumers were held responsible for attacks like this, we’d do away with credit cards, keep our money under our mattresses, and go back to making our own clothes and food and entertaining ourselves by telling each other stories as people did centuries ago! Then where would the banks and credit card companies be? That’s probably extreme, but so is expecting a shopper to pay for a huge corporation’s negligence and a hacker’s crime.

No comments:

Post a Comment