• Technology: it is obvious that TJX had several technology deficiencies, mainly driven by system limitations and vulnerabilities. For example, inadequate wireless network security allowed the hackers to attack specific stores using just a laptop and an antenna, which gave the thieves access to the central database. As mentioned in the business case, TJX was using WEP (Wired Equivalent Privacy) as its wireless security protocol, and it is well known in the e-commerce arena that WEP encryption can be deciphered in less than one minute, which makes it very unreliable and risky for business transactions. Last but not least, TJX failed to encrypt customer data.
• Auditors: it is concerning that TJX passed a PCI DSS checkup and that no auditor noticed the technology issues TJX was facing.
• Executives at TJX: it is evident that the company wasn’t in compliance with the Payment Card Industry (PCI) standards. Primarily, the person in charge of the IT department should have been on top of ensuring that TJX was in compliance, by setting expectations and objectives pertaining to security within the organization. In addition to the head of IT, I would also find guilty all the other executives in the company responsible for the health of the business. Secondly, TJX violated industry standards by storing full track records from each customer.
2. How should the company's IT security be improved and strengthened?
TJX's IT security could be improved and strengthened by doing the following:
• Implementing good security governance: as we know, TJX did not perform any auditing on a regular basis, nor was it monitoring or keeping log data to do forensic analysis.
• Improve