TJX Security Breach Essay

1473 Words3 Pages

QUESTION (1).

Did TJX protect the IT assets involved in the security breach well enough? What should TJX do immediately after being aware of the security breach? How should TJX manage their brand after the security breach incident?

ANSWERS
THE COMPANY BACKGROUND
TJX Companies Inc. was the largest apparel and home fashions retailer in the United States in the off-price segment, they were ranked 138th in the Fortune 500 rankings for 2006 with US$17.4 billion in Sales for the year ending January 2007, it has more than tripled the size of Ross Stores Inc., their closest competitor. TJX was founded in 1976 and it operated eight (8) independent businesses namely; T.J. Maxx, Marshalls, HomeGoods, A.J Wright and Bob’s Stores in the United States; …show more content…

Lack of In-store Kiosks physical security of assets – The intruders who started the security breach has started with in-store kiosks. They opened back of those terminals and used USB drives to load softwares. They turned these computer kiosks into remote terminals that connected into TJX’s networks. This brings into the issue of not monitoring and securing physical in-store kiosks. iv. Lack of Firewalls – From the appendix 1 in the case study, “Firewall is a logical or physical discontinuity in a network to prevent unauthorized access to data”. Mainly, firewalls are to defend from unwanted traffic coming from unreliable source, the fact that hackers were able to gain access to TJX’s main network through tampered in-store kiosks, means TJX has not firewalled all the devices that are connected to their network.
v. Absence of Processing Logs – There was log data discrepancy between TJX and the banks which suggested that TJX did not have processing logs on its system that were necessary to perform forensic analysis of the system such as when it was accessed, what files were added, changed or deleted etc. This is very crucial when processing millions of transactions. Logs are very important to track any previous transactions and TJX did not have

More about TJX Security Breach Essay

Open Document