Target Unncryption Case Study

Target Unncryption Case Study

Several organizations that have faced recent major breaches use encryption strategies. Unfortunately, encryption is frequently not applied and used properly. A strong security strategy is needed which keeps entire systems in a comprehensive way in order for encryption to be successful. For instance, an encryption process and large key may become useless if the encryption key is collected with the data. The cybercriminals will simply gain access to the system and use the key to unencrypt the data (Ferguson, Schneieir, & Tadayoshi, 2010, p. 12). For encryption to be operative, company must use a defense in depth strategy in which you also keep the key and protect access to systems where the data needs to be unencrypted in order to be managed.



Target allegedly paid a great deal of money on security technology (Capacio, 2014). Although systems used encryption, the encryption was incompetent because the data was retrieved in memory where it was unencrypted. Though some level of ... Show more content on Helpwriting.net ...It shows that there were weaknesses in each layer of defense used by Target that eventually allowed cybercriminals to gain access to some of their most sensitive data.



Although many security procedures were in place throughout the Target organization, extra layers of protection would have blocked the attack at many points along the way. Using a stronger Defense in Depth strategy would have guaranteed that each level was not reachable from the next. Furthermore, protections on the POS system itself could have added extra security to the data.

Critical Control



In 2008, the federal government arranged a group of public and private organizations to come up with a list of Critical Controls founded on many other cyber security lists and guidelines. Critical Controls are added to the list because they help avoid and identify known attacks efficiently (SANS Institute,

... Get more on HelpWriting.net ...