Our website is a unique platform where students can share their papers in a matter of giving an example of the work to be done. If you find papers
matching your topic, you may use them only as an example of work. This is 100% legal. You may not submit downloaded papers as your own, that is cheating. Also you
should remember, that this work was alredy submitted once by a student who originally wrote it.
The author of the current paper "The Role of TJX IT Management in IT Security" points out that information is the firm’s key strategic asset as it is a vital element in planning and decision making as well as in the day to day business control…
Download full paperFile format: .doc, available for editing
Extract of sample "The Role of TJX IT Management in IT Security"
Abstract
Information is the firm’s key strategic asset as it is a vital element in planning and decision making as well as in the day to day business control. Therefore, organizations must make all effort to make sure that their information capitals retain their correctness, integrity, and accessibility. Conversely, ensuring the security of company information assets has become a very complex and challenging action, due to the growing worth of information assets and augmented levels of interconnectivity amongst information systems both inside and among organizations. Indeed, many occurrences of security breaches propose that many organizations are failing to control their information resources efficiently. One increasingly vital mechanism for protecting company information, and in doing so, minimizing the incidences of security breaches, is by the formulation and submission of an official information security policy.
Company Background
TJX was the leading apparel and home fashion trader in the US, in the off-price section. TJX was graded 138th in the fortune 500 grading for 2006. With 17.4 billion US dollars in retailing for the year conclusion January 2007, the company was more than triple the range of Ross Stores Inc., its closest contestant.
The failure points of the top management, middle management, and the user role at TJX.
The main goal of information security policy is to offer the ideal operating surroundings for the organization of information security. A good quality security policy must: outline individual tasks, describe authorized and unauthorized uses of the structures, provide places for employee reporting of recognized or suspected threats to the system, describe penalties for breaches and offer a mechanism for revising the policy (Zeller, 2005, p C1).
Researching the company revealed four significant documents related specifically to information security. These include computer information security, access control policy, electronic computer policy and information protection policy.
The information protection policy is the center of the company’s ISMS. The information protection policy is deliberate to identify and protect all types of information possessed by the corporation or entrusted to it by other corporations. The aims of this policy are to protect against unlawful disclosure and against unlawful modification. It is the responsibilities of the managers and administrative to communicate and make sure compliance with this policy, as all employees who produce and control information are responsible for its safety according to the necessities of this policy. The administration at TJX does not seem to have hired to gripe up operational security or to persuade people to employ strong pass words.
The firm’s computer Security Policy stems directly from its information protection policy and outlines the necessary steps to protect both computers and support company operations and the data that is maintained on those computers. This policy caters for not only privacy and truthfulness but also accessibility to ensure services is not denied to authorize users. These three aims are based on the three traits of CIA triangle, confidentiality, integrity, and accessibility, which also form the basis of the team on National Security Systems form of information security (C. Fisher, 2006. P. 47).
The work of the managers and executives is to communicate this policy, but all employees are accountable for the firm’s property, information system deliverance, system testing, software safety, configuration administration, cryptography, system connectivity and design, security monitoring management, logging and incident response. In TJX employees were sucked for an online post examining that TJX has not beefed up security following the latest, massive information breach that saw 94 million credit card figures copied by criminals and money from their account stolen (Aplin, 2007, p. 531). The employee stated that, initially their user names were the similar as their pass words. After they needed stronger pass words, some executives complained, so they cooperated by allowing empty pass words.
The role of TJX IT management in IT security, policy development, information security, and data and access security
The firm’s Access Control Policy affirms that all users will be recognized, authenticated and allowed before granting contact to company information and computers from unlawful access. The policy winds up with a discussion of the procedures for acquiring security admission, securing computing services and protecting worker’s work station. In how bad guys got into the TJX network, "badly secured in-store workstation kiosks are at least partially to blame for acting as gateways to the corporation’s IT systems. According to a source familiar with the investigation, the kiosks, situated in lots of of TJX's retail stores, allows people apply for jobs by electronic means but also permitted direct access to the firm’s network, as they were not sheltered by firewalls. 'The group which started the breach unlocked the back of those terminals and utilized USB drives to load software onto those workstations,' states the source.
The responsibilities of the user group in the TJX case.
Lastly, the electronic communication security policy is also available. It was established to protect information that is processed, transmitted electronically or stored in support of the company. The policy summarizes the rules for electronic contact system use, as well as telephone and voice mail safety.
It appears that the loss of over forty five million credit card figures and more than 450,000 SSNs, driver's license numbers, and military identifications started with somebody using a "telescope-shaped" antenna at a wireless connection at a Marshall's next to St. Paul, Minnesota in July 2005. The connection was encrypted via WEP, which had been identified to be wrecked ever since 2001 (Bunderson, 2001, p. 187). The crackers who found their way into the TJX inner databases are assumed to be Romanians or Russians with connection to the Russian gang. The ultimate cost of the TXJ failure could surpass $1 billion — not counting the numerous complaints filed against the trader.
The role of TJX top management in funding and governing IT security
For organizations that gather, maintain, and use private data, the laws governing these practices enforce requirements that are uncertain or may differ across jurisdictions or types of information, thereby posturing hard compliance challenges. These challenges may be additionally exacerbated by disagreements in the necessities of numerous state laws (Zeller 2005, p. 41). An overarching feeling in most of these constitutional laws and regulations is to know a duty of care among these institutes regarding the information they collect and preserve based on the consumer’s susceptibility and the real prospective for harm.
Recommend improvements and changes to TJX's work process and IT security.
In conclusion, since privacy crises such as data breaches are often distinguished by indicators that are best practical after the fact, a healthy governance plan embedded within a culture of moral accountability should, provide a more effectual approach to running privacy because uprightness is incorporated into the organization’s background. The stronger the logic of moral accountability as evidenced by the organization’s management and infused all through the company culture, the more likely the institute will be to have applied sound technical, structural, and bureaucratic improvements.
References
Aplin, D. G. (2007, April 2). “TJX Says at Least 46.2 Million Credit Cards Affected in Computer Hack, FTC Investigating,” BNA Privacy &Security Law Report (6:14), pp. 531-532.
Bunderson, J. S. (2001). “Normal Injustices and Morality in Complex Organizations,” Journal of Business Ethics (33), pp.181-90
C. Fisher, (2006) Manage digital assets with ITIL: Improve product configurations and service management, Journal of Digital Asset Management 2(1), pp. 40–49.
Zeller, T. (2005, February 24). “Breach Points up Flaws in Privacy Laws,” NewYork Times, pp. C1
Read
More
Share:
CHECK THESE SAMPLES OF The Role of TJX IT Management in IT Security
the role of these national oil companies have changed and have now taken on more international tones.... The Changing role of National Oil Companies in the International Energy Market Chapter I: Introduction to the Study 1.... Having control over these oil reserves has also brought about greater pressure for oil companies, mostly pressure in relation to their national roles and responsibilities, especially those which relate to supply and demand, globalization challenges, physical security, and international oil competition....
Conclusion In conclusion, it can be said that the role of the security of any organization in the protection of the assets of that organization is an important part of the organizational lifecycle.... Here the results gathered from an interview with security personnel on the role security plays in protecting an organization's assets are discussed.... With a specific emphasis on the security director, it was realized that the role that the security plays in the organization is multi-variant....
Network security has assumed paramount proportions as intrusions are on the rise, whether accidental or malicious, and the research problem raised in the paper are to investigate the preventive methods in this Literature Review reveals that there is more to security than just putting up defences.... It also relates to the psychology of security that adds to the threat instead of obviating it.... Technologically security measures and intrusion capabilities are advancing alongside each other and the race is yet to be decided....
Most EU countries rely heavily on social security contributions, consumption and environmentally related taxes.... The email phishing scheme is a situation in which a person poses as a tax department representative or as a trusted Web site but gets to ask for the taxpayer's Social security number or credit-card or bank-card information.... The main strategy of the EU Tax Department to address this serious risk is to inform all EU individual and corporate taxpayers that it will never ask sensitive information such as Social security numbers and bank information over the Internet or by phone....
security Risks 7
... Thus, the security of this information is really necessary.... he management of security can involve the handling and implementation of the security measures for securing the tax department network and corporate information.... However, this risk could be minimized by using some security tools and techniques such as Antivirus software packages, firewalls etc.
... In addition, a key to success in project management is to identify all stakeholders....
The other category is that of it security, which mainly deals with security pointed towards technology especially relating to cyberattacks (In Wang, In Pieprzyk & In Varadharajan, 2004).... The following paper under the title 'The Intersection between security and Risk Management' gives detailed information about risk management that entails a process focused on identifying, analyzing, and dealing with any form of misfortunes related to an organization.... security refers to the state of safety from any kind of harm or danger....
With the boost in technology and human population, environmental factors such as land degradation, deforestation, and soil pollution amongst others have indeed played a significant role in slashing food security.... ccording to Agricultural Food Organizations, to sustain the global food security standards by 2050, the world will need to double up its current food production standards (UN Panel, High Level n.... According to the UN- high panel on food security, human beings must ensure cohesiveness and integral notion towards addressing sustainability issues such as food insecurity....
In a computing environment, an essential aspect of security is response time and the efficiency of response.... The most effective, tried and tested means is through the establishment of a Computer security Incident Response Team (CSIRT) (Thomas, 2002).... Implementation of a CSIRT is key to the achievement of an organized and well-structured approach towards the eradication of computer security incidents and problems.... For efficient functioning, the firm must be structured so that it acts as a center for incident information, a repository of incident information, and as a coordination wing for the security Responses in the firm (Mellon, 2008)....
6 Pages(1500 words)Case Study
sponsored ads
Save Your Time for More Important Things
Let us write or edit the research paper on your topic
"The Role of TJX IT Management in IT Security"
with a personal 20% discount.