StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Management - Research Paper Example

Cite this document
Summary
"Information Security Management" paper argues that the information security has turned out to be a serious issue, but organizations and individuals can deal with this issue by following some security guidelines. Organizations should implement strict security measures and continuously improve them…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.7% of users find it useful
Information Security Management
Read Text Preview

Extract of sample "Information Security Management"

Malware infection is believed to be the most critical security threat of the recent times (Kroenke 409). One of the biggest cases of malware infection appeared when one of the biggest retailers Target Corp had to share a lot of secret data such as personal and credit card details of over 110 million customers by means of an email infected through the malware software sent to personnel of HVAC firm. According to Target Corp, this firm did business with them in the past. It is believed that the source of this attack traces back to network authorizations that was assigned by Target Corp to Fazio Mechanical. Basically, it is a small firm that produces products related to air conditioning, heating and refrigeration and is located in Sharpsburg, Pa. However, the details closed in an email were accessed and stolen as a result of this attack. In this scenario, attackers used malicious software to attack Fazio and this attack started almost two months prior to the attack that was launched against Target Corp. In fact, the attackers made use of these stolen information to steal card data from more than one thousand cash register. The investigation shows that the attackers made use of Citadel tool that is particularly used as a password-stealing bot application. In addition, this application is derived from ZeuS that is a well-known banking Trojan (KrebsonSecurity). In addition, the investigation showed that when the attackers entered into their network, the Target’s security team was able to determine only some of their actions. However, the security team carefully evaluated their actions and responded accordingly. Addition, in the light of their evaluations they identified that the action did not deserve instant follow up. In result of this attack, Target’s shares started to fall quickly. In fact, the attackers were able to steal more than 40 million credit card details as well as more than 70 million other personal details of their customers such as telephone numbers, home address and email addresses. As a result of this attack, Target had to face many possible class-action proceedings as well as serious warnings from a number of banks those are looking for compensation for millions of dollars that they lost because of this attack and the fee of card alternates. Though, Target uses a very useful tool known as FireEye that repeatedly removes malicious code or software, however the Target’s security team had turned it off before this attack (KrebsonSecurity). Up till now, more than 90 charges have been registered in different places against Target by banks and customers for compensatory losses and carelessness. However, these cases are other than the costs that wasted due to this attack. As a result of this security breach, Target Corp had to face serious consequences as its sales reduce up to 4%. In addition, due to these serious security concerns shoppers’ interest in online shopping reduced to a massive extent, which lead to a drop of more than 5% in online transactions (Ziobro). In order to deal with these serious situations, the Target Corp has taken a number of effective steps. They have started carrying out an end-to-end evaluation of their employees, technologies, applications and processes to determine their potential and capabilities with the purpose of improving data security. In addition, they are dedicated to learning from this crucial experience. In view of the fact that they are still in the mid of current investigation, but they have already taken serious actions to deal with these situations in the future. They have decided to begin the renovation of their current information security infrastructure. In this scenario, they are planning to move to chip-enabled cards. According to Target Corp, since the current investigation is undergoing so they are not sure whether it is fruitful to involve in theory without evaluating the value of the final outcomes (Ziobro). The recent attack has forced the Target Corp to make considerable changes to their current infrastructure in order to deal with any future attack. In this scenario, they have made a number of updates to improve their security infrastructure. Target Corp has stopped contractors from accessing their servers affected due to this attack, in order to avoid future attackers from getting access to its payment systems through a 3rd party. In addition, it has developed and ensured the maintenance of a “white list” of programs and applications that can be accessed through its point-of-sale servers and registers. In this scenario, Target’s steps can be considered as a positive effort towards ensuring the security of their customers’ data (Hickins). Soon after the identification of this attack, Target notified its customers through a letter in which it clarified that customers’ details such as names and other particulars, debit and credit card numbers, along with their issuance and expiration dates as well as other verification were uncovered as a result of a security breach. Once the Target Corp identified this situation, it immediately informed financial institutions and authorities, and it allocated all its resources in this effort. Along with a number of actions that Target Corp had taken in order to deal with this situation, it has also established a partnership with a prominent 3rd party forensics company to get its help in conducting a detailed examination of the event. In addition, Target Corp is also helping its customers who had lost their credit card details during this incident. In this scenario, these customers have been asked to stay in touch with Target directly and keep an eye on credit accounts. Without a doubt, Target Corp is a large size firm which operates more than 1800 stores in the U.S. and Canada (Hickins). In the past few years, information security has become a serious challenge for both organizations as well as individuals. There are emerging latest tools and techniques to carry out illegal activities. This paper has discussed the example of a well-known security breach which took place in Target Corp. As a result of this incident, the organization had to undergo serious consequences. Without a doubt, the information security has turned out to be a serious issue, but organizations and individuals can deal with this issue by following some security guidelines. In this scenario, organizations should implement strict security measures and continuously improve them. They should hire skilled professionals. They should implement latest mechanisms to ensure the security of their customers ’data. In the same way, the customers should not provide their personal details on every web site. In fact, their personal data is more precious than getting access to an online web site. They should be careful while using their personal details over the Internet. Works Cited Hickins, Michael. The Morning Download: Target Tries to Reduce Its Attack Surface. 30 April 2014. http://blogs.wsj.com/cio/2014/04/30/the-morning-download-target-tries-to-reduce-its-attack-surface/. 25 April 2014. KrebsonSecurity. Email Attack on Vendor Set Up Breach at Target. 12 February 2014. http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/. 22 April 2014. Kroenke, David M. Using MIS. Boston: Prentice Hall, 2012. Ziobro, Paul. Target Profit Declines on Data Breach Fallout -- 2nd Update . 26 February 2014. http://online.wsj.com/article/BT-CO-20140226-710262.html. 23 April 2014. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Research Project Information Security Management Paper”, n.d.)
Retrieved from https://studentshare.org/information-technology/1640016-research-project-information-security-management
(Research Project Information Security Management Paper)
https://studentshare.org/information-technology/1640016-research-project-information-security-management.
“Research Project Information Security Management Paper”, n.d. https://studentshare.org/information-technology/1640016-research-project-information-security-management.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Management

Summary (Information Security Management )

Last but not the least Yahoo conducts company-wide education and training programme to constantly educate employees about Information Security Management.... Comparatively, NSIT lays out on security management by identifying 17 controls organized into three categories: The Management Control section addresses security topics that can be characterized as managerial.... It does not mandate specific information security controls but stops at the level of the management system....
2 Pages (500 words) Essay

Information Security Management Issues

The essay "Information Security Management Issues" analyzes the major disputable issues on the system of Information Security Management.... Thus, an organized collection of procedures, people, and information technology (IT) structure that protects decisive systems and information, and secures them from inside as well as outside intimidations are known as Information Security Management (ISM) (Sipior, & Ward, 2008), (Northern Illinois University, 2007) and (Grimaila, 2004)....
11 Pages (2750 words) Essay

Research Project : Information Security Management

Instructor Institution Date information security Introduction Information systems have increasingly come under attack from various security threats.... Information stored in computer systems is often under attack from different information security threats coming from different sources.... Threats to information security often gain access to the information stored in computer systems and manipulate the data and information rendering it meaningless and useless to the owners of the information while in some cases benefiting the sources of the information security threats (Stephen, et al, 106)....
3 Pages (750 words) Research Paper

Information Security Management of BS 7799

This paper "Information Security Management of BS 7799" focuses on the fact that BS 7799 is the most influential globally recognised standard for Information Security Management systems around the world.... BS7799, which now has the international number ISO 27001:2005, is the international best practice Information Security Management standard, defining and guiding Information Security Management System development.... Part 1 (the original Code of Practice) of the revised BS7799 standard was re-titled "Code of Practice for Information Security Management" and provides guidance on best practices in Information Security Management....
6 Pages (1500 words) Case Study

Information Security Management Standards

This report "Information Security Management Standards" discusses the system that my organization has settled upon, highlighting all its features and how this new security plan will ensure that the organization does not lose or have data distorted from an invasion or crushing of the system.... This forces the organization to constantly refresh the information security systems every often to ensure that the system is not compromised (Humphreys, 2008).... To that effect, the organization funded research into the most appropriate information security system, with all the desirable security features....
13 Pages (3250 words) Report

Comparisons of Information Security Management Frameworks

Information management security frameworks are developed founded on a structured set of independent recommendations, processes as well as practices predominantly from the Information Security Management System Standard (ISO 27001).... ome of the benefits of possessing frameworks for Information Security Management include the fact that they create a secure and well-arranged working environment while at the same time protecting information and information assets....
4 Pages (1000 words) Research Paper

Information security management framework

It is an overall description of the Topic: Information Security Management Framework Security Policies, Standards and Guidelines So that information can be protected, organizations and businesses are supposed to execute regulations and controls concerned with safeguarding of information as well as the systems used for the storage and processing the information.... This is typically achieved through executing information security policies along with standard and guidelines....
1 Pages (250 words) Research Paper

Information Security Management in the USA

The basic issue in the paper 'Information Security Management in the USA', which the author has chosen for discussion is information hacking.... Thus, an organized collection of procedures, people and information technology (IT) structure that protects decisive systems and information, and secure them from inside as well as outside intimidations is known as Information Security Management (ISM) (Sipior & Ward, 2008), (Northern Illinois University, 2007) and (Grimaila, 2004)....
10 Pages (2500 words) Dissertation
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us