Risk
3/6/2014
12:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Target Starts Security, Compliance Makeover

With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.

The departure of Target's CIO Wednesday and the creation of a dedicated chief information security officer position and a new compliance officer began a new chapter in the retailer's post-breach security posture.

Security experts say that aside from the executive changes and reorganization, there are other holes the mega-retailer will have to plug to prevent another massive breach like the one that resulted in the theft of 40 million customer credit and debit card numbers and the names and contact information of up to 70 million people.

CISO duties at Target previously had been split among multiple people. The new CISO at Target will have centralized oversight and responsibilities for the retailer's information security, as Target's executive VP of Target Technology Services and Chief Information Officer Beth Jacob has now left the post she had held since 2008.

Raj Ramanand, founder and CEO of Signifyd, said it's surprising that the CIO was managing security duties at Target. "In most large enterprises, the CISO has a direct reporting line to the board of directors and to the CIO of the company," he says. "I'm surprised by the fact that this was all being managed by the CIO and they didn't have separate officers in charge."

Read the rest of this story on Dark Reading.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.