CSI2102 Security Breach Occurred In Target Stores Assignment 1 Answer

pages Pages: 4word Words: 890

Question :

CSI2102- Information Security

Assignment 01 – Information Security Case Study Semester 02, 2019


Title:                Information Security Assignment 1

Purpose of this assignment:

The purpose of this assignment is to support the following unit Learning Outcomes (LO) for this unit:

LO 1: Evaluate the advantages, disadvantages, threats and vulnerabilities associated with various IT environments.

LO 2: Apply concepts, principles and techniques relating to the security of information.

LO 3: Synthesise data gathered from a variety sources.

LO 4: Identify the importance of information to organisations and society in general. LO 5: Outline the ethical and legal issues associated with information security and analyse their implications.

Task: Target Case Study

This assignment will rely on material from week 1 through 4 and additional research. In Week 2 we briefly looked at an article, Target Investigating Data Breach. Assignment 1 will extend on week 2 where you are required to further investigate the Target breach and complete the following tasks.

Note: You will need to read about the Target breach from multiple sources,do not reply on one paperalone.

Using the unit material (particularly the first four modules) and academic literature, present a small report on the Target breach.

Your report should address:

  1. Briefly describe the target breach
  2. Identify the threats target faced in this particular case and depict these threats using a mind map timeline or diagram. You should accompany the diagram with and overview or outline of the threat landscape to provide context.
  3. Discuss the CIA triad and how these principles relate to the information security breach, i.e., what information was breached and does it relate to confidentiality , integrity and availability (CIA)
  4. What protections were in place; what worked and what failed in this particular case.
  5. Discuss the legal and ethical issue associated with the breach.
Cover/Title   Page
Must show the unit codeand title, assignment title, your nameand student number,due date and the title of your topic.
Table of   Contents
Not required.
Introduce the report, define its scope and state   any assumptions. Use in- text references
Main report   content
The report should address   the task outlined above.
A listof end-text references formatted according to the ECU requirements usingAPA 6th format. It is   recommended that Endnote is used tomanage references.   Your references should ideally comprise of books, journal articles and   conference papers.
This report should be between 1000 and 1500 words (excluding references   and diagrams) and labelled as   <lastname_firstname_StudentID_CSI2102_Assignment_1
>.docx and should be in   a single file.

Your assignments must be word-processed and the diagrams be developed   using graphics software (most word-processors provide this facility). The   text must be no
smaller   than 12pt and font Times New Roman

Show More

Answer :


Executive Summary

This report has shed light on security breach occurred in Target stores. The report has provided brief information on target breach that resulted in POS intrusion and vulnerability of vendor portals of Target. It has also provided the implication of CIA (Confidentiality, Integrity and Availability) which can be utilised to secure information in computerised environment. The latter section has discussed the protective framework of Target that worked and also identified failed protection.  


The development of technological environment has increased illegal intrusion of system employed in organisations and institutions. This report has considered the data security breach occurred in Target in 2013 and breached the information of individuals that are mostly consumer and business information. It has provided a brief overview on target breach and also discussed the correlation between securing computer information and CIA (Confidentiality, Integrity and Availability) triad.

Description of target breach

The security breach of informative data in Target was primarily conducted to acquire information of consumer data. The hacking activity focussed on acquisition of consumer information that shopped in Target store with credit and debit cards. It has been stated by Pandya & Patel (2018) that breach of retail store often regulates the business performance and also brings down the faith of consumers over business organisation. The opinion of author can be resonated with the breach in Target because information breach has compromised the POS (Point of Sale) system implied by Target. Target has been operational in United States and Canada with a total retail store of more than 1800 (target.com, 2019). The negative impact on consumer trust and interruption of social as well as business function has led management of Target to sack CEO and other employees deployed to create secured technical environment. It has been found out that Target breach has led to stealing of 41 million regular consumers (bankinfosecurity.com, 2013). The informative content that were reported to have been stolen from Target IS are three electronic card information and three digital codes along with passwords of consumers that were utilised to make transactions.      

Threats faced by target and depiction of threat with mind map

POS intrusion

The breach on POS system of Target was organised to acquire first hand information on customer purchase and their personal information stored in computer database of Target. As per the opinion of Safa, Von Solms & Furnell (2016) breach on POS system can impose financial losses from future sales and psychological impact on consumer. The highlighting factor can be termed authentic for Target case that POS intrusion has resulted in brand popularity as they are mostly active in US and Canada. 

Loss of Vendor portal confidentiality

Vendor portal is supposed to be secured by organisations to increase the trust between relationship of company with vendors and suppliers. However, breach of vendor portal could not only propagate false information but also reduced the supply chain process of Target. As per the case of data breach in Target, it exposed hackers with sensitive information such as virtualisation software details and security patches that were implied by Target to make secure communication with vendors (Radichel, 2014). Loss of specific detail has not only introduced negative impact on vendor details but also revealed information regarding the operational process in Target.  

Infiltrated network

The infiltrated network of Target has empowered the attackers to take charge of administrative procedure. Soomro, Shah & Ahmed (2016) has advised that administrative privileges of any organisation need to be managed securely so as to avoid complications in business activity. This access has allowed attackers to bypass highly encrypted stage of IS security in Target. 

Mis-configuration of domain control

The unwanted activity of domain control has compromised the business facility to communicate with stakeholders of Target. This threat has allowed attackers to take charge of Target’s central authorization procedure and also changed the endpoint services implied for monitoring the business process. 

Threats      of TARGET

POS intrusion

Loss of Vendor portal      confidentiality

Mis-configuration of domain      control

Infiltrated network

Financial losses
Information on customer purchase
Personal information
Propagation of false information
Complication in supply chain process
Administrative privileges to attackers
Bypass highly encrypted stage
Compromised communication with stakeholders
charge of central authorization portal

 Mind map

Figure 1: Mind map

(Source: Created by author)

Discussion of CIA triad

The information security of a particular system is mainly applied to acquire confidentiality, protecting the integrity and make information available for only authorised person. The trinity of CIA triad helps in following the technological policy implied by the governing body of network. According to the views of Safa et al. (2015) CIA triad allows an operator to ensure accuracy, availability and possession of correct information. These by-products of CIA triad do not only help in accessing the informative content without any disturbance but also result in securing the data being occupied by crashed hard drives. The principle of CIA is also considered to be three key principles of Confidentiality, Integrity and Availability.


This principle signifies the secured nature of information that cannot be accessed due to protection mechanism implied for data. McCormac et al. (2017) has considered Confidentiality principle as the crucial aspect of CIA triad and also attacked by various hackers. Some of the techniques such as encrypted framework is implied to secure data.  


Integrity principle ensures that data secured are of authentic nature and cannot be subjected to change from original source. The provision of integrity result in maintaining the trust of receiver


This principle is relevant to ensure that secured information can be made available for individuals with authorisation.

Relation of CIA triad principles with information security

The secured access of informative content in computerised environment requires the confidentiality of company information so that exploitation from competitive companies can be avoided. It can be mentioned that confidentiality principle helps in understanding the methods that can be employed to secure company data. The security breach occurred in Target business can be relatable to confidentiality principle because it mostly acquired control of administration and consumer data. Mosenia & Jha (2016) has stated that confidentiality breach of consumer data does not only expose them to financial transaction that took place between company and consumer. This information breach along with threat of vulnerability in vendor portal has not only disclosed vendor information to hackers. It also resulted in trust breach of consumers and suppliers from Target. Therefore, breach of security also made consequential effect on integrity of Target consumers. Loss of consumer trust has not only resulted in derailment of popularity but also loss of potential consumer base. On the contrary, Tan et al. (2018) has stated that relations between breach of security and availability are required to ensure information can be available to consumers. The need to meet consumer demand can be acquired by Target through proper use of availability of information.  

Protections employed and identification of failure

The protection of confidential information from illegal hacking was generally blocked by installation of defence in depth security mechanism. This particular system is more of a single layered protection wall that allowed Target employees to detect minor issues in illegal activity during monetary transaction and also control the monitoring system of cameras employed in Target. It has been pointed by Kumar, Raj & Jelciana (2018) that defence in depth ensures the encryption of documents. Therefore, it can also be mentioned that Target has also employed encryption algorithm for securing the physical access of hardware components. Encryption of documents allowed Target to reduce the availability of information to third party components. 

Implementation of defence in depth content in Target has worked in identifying the source of hacking activity that acquired access to consumer data. It has also resulted in better infrastructure for management of customer data by alerting them about the breach. On the other hand, Tan et al. (2018) has stated that failure of encryption often result in illegal acquisition of personalised information of company. This viewpoint points out that encryption mechanism has not worked in Target as it could not be able maintain CIA principle and resulted in theft of consumer and vendor data.   

Legal and ethical constraints with security breach

The legal aspect provided by National Conference of State Legislation in United States is being utilised as a key legal boundary for attackers and private companies to refrain from illegal intrusion of computer. It has been noticed that legislative department of US has instructed private companies to employ relevant security measures that could help them in avoiding data breach. As per section 21 of Data Security and Notification Act, companies that are intruded by illegal activity have to inform their consumers regarding the breach (congress.gov, 2019). One of the major ethical issues that can be associated with Target breach is that they have not paid necessary attention to antimalware and data protection system to protect their consumer data. Target has not also followed CIA principle to ensure firewall against illegal access of vendor and consumer information. 


CIA triad is the most relevant aspect of information system as it manages the secured nature, trust and information availability. Report has pointed to the conclusion that Target has only implemented single layer protection system for managing the illegal intrusion of hackers. The primary reason that motivates hackers to acquire information data through unethical means is to acquire personal information of user. These data can either be sold to third party or manipulated to create ransom ware demands.