It/205 Tjx Companies.Doc
The credit card data theft at TJX Companies is considered one of the worst ever. The case is significant because of a lack of appropriate security and control.
Resources: Ch. 7 & 12 of Essentials of Management Information Systems
Answer the following questions in 200 to 300 words:
• List and describe the security controls in place. Where are the weaknesses? • What tools and technologies could have been used to fix the weaknesses? • What was the business effect of TJX’s data loss on TJX, consumers, and banks? Which moral dimensions may be applied in this situation? How?
CheckPoint: TJX Companies
The TJX Company was using the Wired Equivalent Privacy (WEP) encryption system, which caused the data theft at the TJX Companies. The WEP made it easy for hackers to navigate and steal information. TJX had out of date security and controls. TJX failed to properly encrypt data on many of the employee computers that were using the wireless network. TJX also did not have an effective firewall installed yet. In addition, TJX Company purchased additional security programs, but did not have them installed yet or did not have them installed correctly. Therefore, to have an even stronger resistance to hackers, simply changing from the outdated WEP or Wired Equivalent Privacy to WPA or Wi-Fi Protected Access would of worked. The Wi-Fi Protected Access (WPA) is standard, but has a complex encryption system. Installing firewalls could have reduced or eliminated the ability of the hackers to gain access to customer information. The TJX Company should have check and updated the security and controls. Every small company and home users should check every six months to a year for updates on these types of things. With even larger companies, like TJX, should check almost every three months. By doing this, they are making sure they are up to date, and that nothing can break them down. Installing a round-the-clock security monitoring and detection service from
Resources: Ch. 7 & 12 of Essentials of Management Information Systems
Answer the following questions in 200 to 300 words:
• List and describe the security controls in place. Where are the weaknesses? • What tools and technologies could have been used to fix the weaknesses? • What was the business effect of TJX’s data loss on TJX, consumers, and banks? Which moral dimensions may be applied in this situation? How?
CheckPoint: TJX Companies
The TJX Company was using the Wired Equivalent Privacy (WEP) encryption system, which caused the data theft at the TJX Companies. The WEP made it easy for hackers to navigate and steal information. TJX had out of date security and controls. TJX failed to properly encrypt data on many of the employee computers that were using the wireless network. TJX also did not have an effective firewall installed yet. In addition, TJX Company purchased additional security programs, but did not have them installed yet or did not have them installed correctly. Therefore, to have an even stronger resistance to hackers, simply changing from the outdated WEP or Wired Equivalent Privacy to WPA or Wi-Fi Protected Access would of worked. The Wi-Fi Protected Access (WPA) is standard, but has a complex encryption system. Installing firewalls could have reduced or eliminated the ability of the hackers to gain access to customer information. The TJX Company should have check and updated the security and controls. Every small company and home users should check every six months to a year for updates on these types of things. With even larger companies, like TJX, should check almost every three months. By doing this, they are making sure they are up to date, and that nothing can break them down. Installing a round-the-clock security monitoring and detection service from