Data Breach case
Target Data Breach Case Hints
Background:
The Background section should be approximately one page in length, short paragraphs not indented, single spaced.
Every time a fact is presented in the Background, it should have a citation in parentheses for a complete reference at the back of the paper in the References section. All references in the References section should be presented in appropriate APA format. An online reference should not just be a link. It should include a description so that it can be matched to a citation in the body of the paper. All references in the Reference section should have a citation(s) in the body of the paper.
The first few paragraphs of the Background should cover the history of Target as a corporation, its growth in stores and volume, and its financial condition at the time of the data breach in 2013. It would be helpful to include an Attachment of a graphic that shows growth in sales and stock price over a 5-10- year period prior to the breach. Make sure to include Target’s 2013 position in the retail industry and the size of its customer base. What you are doing here is setting the stage for the breach catastrophe, as you introduce Target as a company .
The next few paragraphs should give a detailed description of the breach timeline . Start with the actual breach (September), move to the attack on the POS system and malware fully installed (November), Target systems alerts triggered (December), cyber criminals take credit card data (December), Department of Justice involvement and Target top management takes action (December), etc., etc.
The next few paragraphs should detail everything that Target did wrong . For example, they were too lax in selecting and managing outside vendors. Make sure you describe the Fazio situation. They ignored and took no action on a “level 1 alert,” which is the highest level of security system alert. Top management was not involved immediately, and cybercriminals stole millions of individuals’ personal information, etc., etc. Don’t forget to include an Attachment that shows how Russian cyber criminals moved Target data through a devious worldwide network (there are many good graphics that can be found with some research).
The last paragraph should describe the impact of the data breach on Target – on customer goodwill and financials (sales, stock price, etc.). Remember to point out the impact this breach had on the U.S. economy. Discuss what Target did “to make its customers whole.” Discuss Target’s corporate restructuring and top executive changes. Now, in 2020, has Target fully recovered?
Issue:
Post the 2013 data breach, what should Target now do to prevent this from happening again?
Analysis Alternatives: explain a few paragraphs on every bullet point
· Targets should segment its networks to limit vulnerability
· develop a more effective security alert system
· Implement a continuous training program security training program for all employees
· Create a cyber-Fusion center
· be very strict with third party vendors, vetting vendor
· you need a better POS system; POS means point of sale those are the cash registers
· Have special cyber security policies for executives
· Continuous security assessments perform continuous security
· Data encryption
· always upgrade your technology for security reasons,
This is a Research Case:
This Case will require some outside research. Students usually have 10+ References for this Case . You will find that there are some outstanding articles available on Target’s data breach. After you have successfully completed this Case, not only will you be familiar with one of our nation’s most horrific examples of modern-day cyber crime, but you also will have developed an excellent understanding of cyber security. This knowledge will prove to be very valuable for you in your career.