Analyzing Target's Cyber Breach Through Accounting Information System

Verified

Added on 2023/06/10

AI Summary

This case study examines the 2013 cyber-attack on Target Corporation, where millions of customers' data was compromised. The analysis focuses on the role of the accounting information system (AIS) and the responsibilities of the board of directors, CFO, and CIO in ensuring data security. The study highlights the failures in internal controls, weak firewalls, and the use of spam emails as contributing factors to the breach. It emphasizes the importance of a robust network security model, updated firewalls, and the implementation of effective antivirus measures to protect against cyber threats. The case concludes that stakeholders, particularly the CIO and CFO, must prioritize data security and ensure that appropriate security protocols are in place to prevent future breaches. The document highlights the need for continuous improvement in cybersecurity practices to mitigate evolving cyber risks.

Running head: ACCOUNTING INFORMATION SYSTEM
Accounting Information System
Name of the Student
Name of the University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2
ACCOUNTING INFORMATION SYSTEM
1. Cyber-attack at Target Corporation has been a great shame for the company as millions
of data and passwords of customers have been hacked within a few seconds. The audit
committee of the company has been investigating the cause of the cyber breach in the company.
The committee found that there has been an internal person of the company for this breach
(Buczak & Guven, 2016). The board of directors of the company has been properly investigated
in this case for finding the reason for the breach. The Chief Financial Officer (CFO) and Chief
Information Officer (CIO) has been filed a derivative lawsuit against them. The lawsuit claimed
that virtue of the position of the members of the board of directors, they have been found accused
of the scenario (Rodriguez et al., 2015). The personal and financial information of the company
has been kept with them. However, in response, lawyers of Target claimed that directors were
not liable for cause as they have been bounded with firm’s Articles of Incorporation.
I would perform security analysis in the Target Corporation for identifying flaws in the
network security. There is a need for changes in security systems in the company. The firewalls
of company have been weak for a long time. The Audit Committee has highlighted that it was
the responsibility of the board of directors for reporting their financial assets seriously to the
company. They have failed in supervising their internal controls and cybersecurity systems.
The firewall used in the company including Malware bytes has been not capable of
restricting spam emails and updated viruses. The use of various techniques for the compounding
this cyber-attack including spam emails. The network security model of the company needs to
change onwards. Therefore, the firewall of a company needs to be updated with the latest version
that will help in restricting various malicious viruses and malware from entering into the network
of the company.

3
ACCOUNTING INFORMATION SYSTEM
2. Cyber-attacks have been becoming a threat in the US Corporations in past years. Various
advances in the IT field have given rise to the cyber threats and risks for companies. In the case
of Target Corporation, the company has been attacked due to fault of the stakeholder and board
of directors. They have not fulfilled their responsibility of providing security to their data and
information in the database (Gupta, Agrawal & Yamaguchi, 2016). Therefore, it can be
concluded that the use of proper network security model is required for providing security to data
and information. The stakeholders play an important role in maintaining the security of network
and data of the company. The CIO and CFO need to be responsible for maintaining and securing
protocols of the company to ensure the security of data and information of the company (Liu et
al., 2015). The use of antivirus might help in detecting and restricting malware and viruses in the
network of the company. It is understood that stakeholders are an important asset for the
company as their decision-making skills might help in the development of the company.
However, any wrong decision, in this case, has created such a big problem for the company.

4
ACCOUNTING INFORMATION SYSTEM
References
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for
cybersecurity intrusion detection. IEEE Communications Surveys & Tutorials, 18(2),
1153-1176.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cybersecurity. IGI Global.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015, August).
Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX
Security Symposium (pp. 1009-1024).
Rodriguez, R. J., Schweikert, W. R., Thornton, Y. M., Powell, W. S., Perez-Piris, E. R., Cuenco,
J. S., & Mikurak, M. G. (2015). U.S. Patent No. 9,159,246. Washington, DC: U.S. Patent
and Trademark Office.