You are expected to read and analyze the case on Target (https://hbsp.harvard.ed
You are expected to read and analyze the case on Target (https://hbsp.harvard.edu/import/799871) and answer the following questions (note that you will need to pay $4.25 for the case access). The length of your analysis may vary from two to five pages. You are encouraged to use any other research or data, including numerical support or evidence found either in the case itself, your readings, or from sources you research on your own. Include a “References” section in APA style to list your sources at the end of your homework. Please explain in your own words:
What’s your diagnosis of the breach at Target—was Target particularly vulnerable or simply unlucky?
What, if anything, might Target have done better to avoid being breached? What technical or organizational constraints might have prevented them from taking such actions?
What’s your assessment of Target’s post-breach response? What did Target do well? What did they do poorly?
To what extent is Target’s board of directors accountable for the breach and its consequences? As a member of the Target board, what would you do in the wake of the breach? What changes would you advocate?
What lessons can you draw from this case for prevention and response to cyber breaches?
*** For those students who took ITEC 467/667 in Fall 2020, your homework #1 will still be to analyze this case but through a different lens. You are expected to unfold this incident from the perspective of the organization (Target in this case): to analyze how an organization handled it and to look at how the public reacted to the incident (if at all). Your submission will report on the unfolding of events leading up to, during, and after the incident. It is more than just a summary of one or two news articles. It is a meta- and longitudinal analysis of the incident as it unfolded.
Timeline (high-level and also with analyses)
This should include as many of the following elements as possible
Movement of attacker through internal organization (if applicable)
Management detection of threat and organizational response
Organizational restructuring (firing, hirings)
Organization public relations statements or actions
Congressional hearings, FCC or EU sanctions
Stock price movements
Try to piece together as well as you can the organizational response timeline. How long did it take them to respond, how long was the public outraged, when did the event drop out of the news.
Your submission should provide a high-level timeline overview, as well as an analysis of the timeline elements where possible from the three information security management domains: Organization, Technology, People
Technology: What vulnerabilities existed in the technology that were not mitigated. Could they have been mitigated?
Organization: How did organizational policies or culture, or lack thereof, contribute to the compromise, or to a failure to detect the incident
People: Was a human element involved in the incident – perhaps a lapse of an organizational insider, or an insider attack?
Should include a collection of different sources, as close to original-source as possible (e.g., original reporting, organization press announcements, congressional hearings, etc.)