Abstract: This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target’s vendor management processes and the vulnerability at Fazio Mechanical Services that was among the main causes of the breach. Further, the case introduces the incident response plan implemented by Target and discusses the aftermath of the attack. The lessons learned describe some of the steps the company took to mitigate risks in the future and to strengthen its security posture. While the breach had a significant impact on Target, the organization was able to fully recover from it and develop best practices that are now widely implemented by other retailers. The case is suitable for both undergraduate and graduate students enrolled in information security or information systems courses that discuss vendor management, security incident response, or general security program administration topics.
Keywords: Information assurance & security, Cybersecurity, Case study, Teaching case, Experiential learning & education
Download this article: JISE - Volume 29 Issue 1, Page 11.pdf
Recommended Citation: Plachkinova, M. & Maurer, C. (2018). Teaching Case: Security Breach at Target. Journal of Information Systems Education, 29(1), pp. 11-20.