ACC/ACF 2400 - Cybersecurity Autopsy of Target Data Breach

Verified

Added on 2023/06/07

AI Summary

This case study examines the Target data breach, focusing on the human dimension of information security. It highlights how failures in adhering to security measures, ignoring system alerts, and inadequate user training contributed to the breach. The analysis emphasizes the importance of encryption, authentication, authorization, and access control mechanisms in preventing data breaches. The case underscores the need for organizations to prioritize data security measures, including user training and threat control, to enhance data privacy and confidentiality. Desklib offers a wide array of solved assignments and past papers for students.

Cybersecurity- Autopsy of a data breach
Name
Institution
Professor
Course
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Human dimension of information security
Information system security has become one of the fundamental security concern in
technology error. Most of the cybersecurity issues are caused by human inability to act
accordingly (Johnston & Warkentin, 2010). Human aspect in information security builds the
subject of discussion on how human factor might be a major loophole in fight against
cybersecurity. It is a reality human have had a great contribution to cybersecurity by failing to
adhere to required security measures. Data collection and storage by any organization should be
stored securely and in a secure manner. According to Prasad et al. (2011), confidentiality of data
must be guaranteed by any firm purporting to collect sensitive data for business use. In this case,
organization fail to meet the principle of confidentiality by not storing data while encrypted.
Encryption makes it difficult to make use of data even after hackers gain access to data storage.
Similarly, failure by organizations to put in place both authentication and authorization measures
makes data vulnerable (Chandler, 2012). Authentication is used by organization to determine
who has access to systems and data storage devices. On the other hand, authorization gives
privileges to authenticated system user to manipulate data. In regard to data collection, storage
and access principles, human factor has been rated as one of the most cybersecurity concern
causing data breaches. Most of the data breaches that have been reported shows cybersecurity
experts, novice system users and organizational management reluctant in enforcing information
system security measures (Proctor & Zandt, 2018). It is generally acceptable that, minimizing
human factor in cybersecurity can result to reduced data breaches.
Human dimension on Target case data breach
It is definite that human dimension contributed greatly to Target data breach. At first
instance, through use of automated penetration detection system, Targets security experts were

able to receive alerts but did not take necessary measures to determine their originality. Alerts
were usually made to serve as a signal to Target’s experts on possibility of unauthenticated
system penetration (Budzak, 2016). Despite system generating alert signals prior to first instance
of data importation, experts decided to ignore such important signals. Additionally, Target
experts went ahead to put off alert generation since they did not have trust on them. Deactivating
alerts and ignoring any system alert shows a blatant experts idea to disregard indicators of
possible system penetration. Further, observable human aspect that contributed to Target data
breach was use of direct channel between its Point of Sale (PoS) networks to the HVAC firm
Fazio Mechanical services. Through use of organizational trusted trading partner, hackers used
phishing to get a single response from Target network. The last factor that contributed to Target
data breach was failure by experts from warning novice users’ against responding to untrusted
emails. All these human factors gives enough proof of reluctant in preventing any form of data
breach. To enhance data privacy and confidentiality, Target firm should have implemented data
security measures such as; access control mechanisms, identification and classification of system
users in terms of threat control and training of users (Makridis & Dean, 2017).
References
Budzak, D. (2016). Information security–The people issue. Business Information Review, 33(2),
85-89.
Chandler, D. (2012). Resilience and human security: The post-interventionist paradigm. Security
dialogue, 43(3), 213-229.
Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an
empirical study. MIS quarterly, 549-566.

Makridis, C. A., & Dean, B. (2017). The Economic Effects of Cyber Security Failures on Firms:
Evidence from Publicly Reported Data Breaches.
Prasad, P., Ojha, B., Shahi, R. R., Lal, R., Vaish, A., & Goel, U. (2011). 3 dimensional security
in cloud computing. In Computer Research and Development (ICCRD), 2011 3rd
International Conference on (Vol. 3, pp. 198-201). IEEE.
Proctor, R. W., & Van Zandt, T. (2018). Human factors in simple and complex systems. CRC
press.