Naik

PIN numbers were stolen as well, which would have helped towards stabilising and mitigating the impact; the decision to continue operating stores in spite of breach discovery by Target CEO Gregg Steinhafel on December 12th; poor customer support services through call centres further left customers helpless and unable to protect themselves due to lack of information. These were a result of the lack of an appropriate response strategy, indicating overreliance on intuition to make security decisions.

Q3. What recommendations would you give to the company in order to improve their security operations?

Answer. My personal recommendation for the company would be to first of all design an appropriate attack response strategy and protocol in order to better handle any future attacks; improve on the network segmentation to better safeguard confidential information; act upon system vulnerabilities as soon as reported; include assessment of security implementation by the external vendors as part of the prerequisites before providing them access to Target’s network to minimize the attack surface; create a list of approved servers and internet connections Target’s network should communicate with in order to make sure all cracks in the security foundation are fixed; prioritize security reports and alerts by Target’s security teams, their intrusion detection software like the FireEye software, and the FireEye Team by building situational awareness of the evolving state of attacks