ABSTRACT
This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target's vendor management processes and the vulnerability at Fazio Mechanical Services that was among the main causes of the breach. Further, the case introduces the incident response plan implemented by Target and discusses the aftermath of the attack. The lessons learned describe some of the steps the company took to mitigate risks in the future and to strengthen its security posture. While the breach had a significant impact on Target, the organization was able to fully recover from it and develop best practices that are now widely implemented by other retailers. The case is suitable for both undergraduate and graduate students enrolled in information security or information systems courses that discuss vendor management, security incident response, or general security program administration topics.
Keywords: Information assurance & security, Cybersecurity, Case study, Teaching case, Experiential learning & education
1. INTRODUCTION
There are numerous definitions of information security, but many of them revolve around achieving confidentiality, integrity, and availability of the information and/or systems (Anderson, 2003; Dhillon and Backhouse, 2000; Sumra, Hasbullah, and AbManan, 2015; Von Solms and Van Niekerk, 2013). These goals are important, as they provide trust and guarantee the safety of data in motion and data at rest.
Within the retail industry, information security is critical because it ensures that organizations follow best practices and can protect customers' personal and financial information. As Greig, Renaud, and Flowerday (2015) point out, a focus on employee behavior is vital since an "organization's success or failure effectively depends on the things that its employees do or fail to do" (Da Veiga and Eloff, 2010). Security culture has the potential to play a significant role in this respect (Vroom and Von Solms, 2004). A strong and effective security culture is in place when every employee performs daily tasks in a secure manner and such secure behavior is considered to be 'the norm' (Von Solms, 2000). Demonstrating a...