Preview

About Tjx Assignment

Good Essays
Open Document
Open Document
525 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
About Tjx Assignment
1. List and describe the security controls in place within TJX Companies.
Ans: When security upgrades are made available, it’s because they’re necessary, not because software developers have thought up some great new software gimmick. Hackers are able to bypass the old systems too easily, so better security is needed to keep the hackers out. TJX ignored the need for better e-security, and even neglected to install one particular upgrade they had purchased.

2. What management, organization, and technology factors contributed to these weaknesses?
Ans: Management: While one may not think of it as a weakness, the management’s reluctance to report the stolen laptop and the contents of the hard drive contributed to the difficulty in finding the laptop before the data was compromised. Organizations: VA operations should have limited the data accessible to the employees to only the data needed in order to effectively do this job. Lack of promoting the sensitivity of the data led to a careless attitude regarding the protection of the data. Technological: At a minimum the data should have been encrypted and password protected. As a practical measure, the laptop should have been protected at the BIOS level if that sensitivity of data was contained.

3. What was the business impact of TJX’s data loss on TJX, consumers, and banks?
Ans: TJX faces consumer and bank class action lawsuits over the exposure of as many as 100m customer records as the result of a security breach that lasted for two distinct six-month periods between 2003 and December 2006. Hackers broke into a system that stored data on credit card, debit card, cheque, and return details in an attack blamed on a poorly secured wireless network in one of its stores. Subsequent credit card frauds have been traced to data swiped as a result of these breaches, and a number of arrests have been made.

4. How effectively did TJX deal with these problems?
Ans: Not well enough. The $40.9 million fund for the

You May Also Find These Documents Helpful

  • Good Essays

    Nt1330 Unit 6 Paper

    • 853 Words
    • 4 Pages

    In my opinion the PCI-DSS standards in place should lead to a secure network and ultimately protect the cardholder data. The Payment Card Industry (PCI) data security standard has important requirements like maintaining a firewall configuration, regularly updating anti-virus software, encrypting transmission of cardholder data across open, public networks to name a few. Unfortunately, the auditing practices at TJX were poor and did not identify the real problems with the TJX systems. The were three crucial issues with the TXJ systems. The first one was the absence of network monitoring; according to the PCI standards, a firewall or a “do not use vendor-supplied defaults for system passwords” was required. They also violated the second PCI standard of protecting the cardholder data by not keeping data logs, and the presence of unencrypted data stored on the system. The stolen information was from old transactions from 2002 which were supposed to be…

    • 853 Words
    • 4 Pages
    Good Essays
  • Good Essays

    FXT2 Task2

    • 825 Words
    • 4 Pages

    The nature of this event describes an internal breach of security in order to access and manipulate sensitive data. This internal breach was caught by the auditor, but the communications from the auditor to those who’s data was breached was intercepted.…

    • 825 Words
    • 4 Pages
    Good Essays
  • Good Essays

    Information that is stored in an organisation has to follow the security and confidentiality procedures. For example finances, customer’s and employee’s details should be secured and only certain members of staff should be able to access physical and electronic data unless you have been given authorisation. If information gets into the wrong hands it could have serious consequences and might lead to legal action.…

    • 777 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    Means of enforcement of security policy should be a primary consideration throughout the research, test and implementation phases of any security technology. Careful research, review of manufacturer’s documentation, questions presented to vendors and manufacturers, and testing of the technology can serve to meet this criteria. Without a method of enforcement, effectiveness of security policy is questionable at best. While audit trails, hardware analysis and security logs should be reviewed regularly; it is a time-intensive process and this alone alerts the administrator to violations and security threats…

    • 601 Words
    • 3 Pages
    Powerful Essays
  • Satisfactory Essays

    The data breach resulted from Target’s failure to segregate systems handling payment card data from the rest of its network (Bertrand, 2014). The attackers gained access to the company’s network with a username and password stolen from Fazio Mechanical Services who provided refrigeration and HVAC systems for them. With just that information alone, the attackers were able to upload malware programs on Target’s Point of Sale (POS) systems.…

    • 256 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:…

    • 354 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    unit 203 and 212

    • 1225 Words
    • 5 Pages

    2.2: an organization needs to meet requirements if it has stored any information on people, whether its paper based or electronically or information should be kept safely and stored securely. The organization should also have an access to information policy.…

    • 1225 Words
    • 5 Pages
    Good Essays
  • Satisfactory Essays

    Diploma Level 3 Hsc 38

    • 299 Words
    • 2 Pages

    Respecting confidential information and clearly explaining agency polices about confidentiality to service users and careers.…

    • 299 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Let’s look at confidentiality which is one of the most important measures to maintain safety and security. Not following procedures according to Data Protection Act 1998, which objectives aim at secure data processing and storage, may result in legal action against employers. These procedures may vary depend on the nature of the business. Nowadays vast majority of the business relay on computerised filling system, therefore, employers must take every necessary measure to protect that system from for example, hackers. Employees, on the other hand must follow all procedures to ensure they use system correctly and legally. Consequently, not following health, safety and security procedures may also lead to economic crises of an organisation, for example, court may order to pay very high fine or close down the business and loss of the customers. Moreover, an employer who failed to follow health, safety and security procedures where as a result employees are getting harmed at work is highly likely to be exposed to organisational grievance or disciplinary procedures. For example, in a care home failure to provide moving and handling training to induction staff would have catastrophic consequences such as: spine injuries acquired by using incorrectly equipment or by not using it at all when necessary or even a death of a care taker if handled inappropriately using unsecured hoist. This scenario would not…

    • 335 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    Tjx Companies

    • 398 Words
    • 2 Pages

    The TJX’s security breach left effects in many areas. TJX will suffer from many lawsuits and penalties for a long time. Customer loyalty will be down. Consumers will feel the effects in the changes that could be made to increase the level of security in the use of credit and debit cards. The consumer could also see price increases to cover the losses caused by many legal fees. Banks will see effects in the costs to replace the debit and credit cards that may have been compromised. They will also suffer from the legal costs to recover money from TJX.…

    • 398 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Security Breach Examples

    • 321 Words
    • 2 Pages

    One good example of breach is the TJX data theft that happened sometime in mid-2005 and on subsequent dates from mid-May 2006 to mid-January 2007. The TJX data theft is considered as the largest case of intrusion of data to occur to date. According to the article, the data stolen by hackers were at least 45 million credit and debit cards numbers from its IT systems. More personal information was also stolen from more customers such as driver’s license, military identification and state identification numbers. The article also mentioned that…

    • 321 Words
    • 2 Pages
    Good Essays
  • Good Essays

    Management have the final responsibility in ensuring information held on residents is wherever possible non-identifiable, used only when necessary and by the people who need to know and is stored securely. Most importantly that the company’s policies are adhered to and are working in relation to the handling and collecting and using and storing of information.…

    • 611 Words
    • 3 Pages
    Good Essays
  • Good Essays

    BIS 320 Week 4 DQs

    • 385 Words
    • 2 Pages

    DQ2: Suppose you lose your company laptop at an airport. What should you do? Does it matter what data is stored on your disk drive? If the computer contained sensitive or proprietary data, are you necessarily in trouble? What methods should you have used to address information security needs in this situation?…

    • 385 Words
    • 2 Pages
    Good Essays
  • Good Essays

    In fact they were found to be deficient in 9 of the 12 requirements (Case Study: Operation Get Rich or Die Tryin’, n.d). In an analysis of the data breach by Mounica Vennamaneni, they found company was not just negligent in regards to PCI. There were multiple areas of failure, including, the employees level of awareness, the encryption used and even their logging procedures (Mounica Vennamaneni, 2016). Each of these failures is a lesson that, with any luck, TJX and others have taken to heart and taken steps to rectify.…

    • 724 Words
    • 3 Pages
    Good Essays
  • Good Essays

    For instance, the FBI personnel specialists who were in charge of background investigations on employees lacked the required analytical training that was crucial when assessing common issues that come up during background investigations. The employees who were using the ACS system had insufficient training and knowledge on how to use the system’s security controls, which were intended to control access to sensitive cases. Employees at the FBI had not received the appropriate training on how to handle sensitive information. In addition, FBI employees did not have the proper training on the reporting and documentation of security violations (Stich,…

    • 1552 Words
    • 7 Pages
    Good Essays