Risk
3/6/2014
12:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Target Starts Security, Compliance Makeover

With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.

The departure of Target's CIO Wednesday and the creation of a dedicated chief information security officer position and a new compliance officer began a new chapter in the retailer's post-breach security posture.

Security experts say that aside from the executive changes and reorganization, there are other holes the mega-retailer will have to plug to prevent another massive breach like the one that resulted in the theft of 40 million customer credit and debit card numbers and the names and contact information of up to 70 million people.

CISO duties at Target previously had been split among multiple people. The new CISO at Target will have centralized oversight and responsibilities for the retailer's information security, as Target's executive VP of Target Technology Services and Chief Information Officer Beth Jacob has now left the post she had held since 2008.

Raj Ramanand, founder and CEO of Signifyd, said it's surprising that the CIO was managing security duties at Target. "In most large enterprises, the CISO has a direct reporting line to the board of directors and to the CIO of the company," he says. "I'm surprised by the fact that this was all being managed by the CIO and they didn't have separate officers in charge."

Read the rest of this story on Dark Reading.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0279
Published: 2015-03-26
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

CVE-2015-0635
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device an...

CVE-2015-0636
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine,...

CVE-2015-0637
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

CVE-2015-0638
Published: 2015-03-26
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.