1. List and describe the security control weaknesses at Hannaford Bros. and TJX Companies.
2. What people, organization, and technology factors contributed to these problems?
3. What was the business impact of the TJX and Hannaford data losses on these companies and consumers?
4. Were the solutions adopted by TJX and Hannaford effective? Why or why not?
5. Who should be held liable for the losses caused by the use of fraudulent credit cards in this case? TJX and Hannaford? The banks issuing the credit cards? The consumers? Justify your answer.
6. What solutions would you suggest to prevent the problems?
Please refer to the attached file for the response.
Security control weaknesses at Hannaford Bros. and TJX Companies
The said companies have been providing service to many big client organizations. Expectedly, they should be depended upon as far as security control measures are concerned - for the sake of their customers. This is their prime obligation to them. However, the following are the major weaknesses of the said companies:
1. They are still using the old Wired Equivalent Piracy (WEP) encryption system which is relatively easy for hackers to crack.
2. TJX neglected to install fire-walls and data encryption on many of its computers using the wireless network.
3. TJX did not properly install another layer of security software that it had purchased.
4. The companies transmitted credit card to banks without encryption, violating credit card company guidelines.
5. TJX retained cardholder data in its systems much longer than stipulated by industry rules for storing such data.
People, organization, and technology factors that contributed to these problems
1. As to people
The hackers themselves are to be blamed because of their illegal and unethical activities. They knew beforehand the effects of their motives; they still went to the extent of performing such acts for their own interests.
The credit card and debit card holders should have been more responsible enough in handling or in managing their own cards. Specifically, they should have been more responsible enough in monitoring the use of their cards. They should have been vigilant enough to report to proper authorities any hints and doubts about the misuse of their cards.
2. As to organization
The TJX and Hannaford Bros. Companies and other possible companies engaged in similar activities and services should have been more responsible enough in protecting the sacredness of information entrusted in them. They should fulfil their social responsibility to their client companies and customers, to the highest level possible, owing to the critical consequences of any irresponsible acts.
Client companies such as T. J. Maxx, Marshalls, Home Goods, and A. J. Wright stores in the United States and Puerto Rico, ...
The expert lists and descries the security control weaknesses at Hannaford Bros. and TJX Companies. The factors contributed to these problems are determined.