CIO not the only one to blame for Target breach
"I don't understand why the qualified PCI security assessor is totally off the hook in this case," Litan noted. "CIOs rightfully rely on [qualified security assessors] to certify PCI compliance," Litan said. "Sure the standard response is 'well things change between annual assessments'," she said. "Yes they do, but that's a big copout on the QSA's part if you ask me."
Jim Huguelet, an independent retail security consultant, expressed surprise at Jacob's timing. "She did not tender her resignation in the days or weeks immediately following the disclosure when the pressure was most acute," he noted. Jacob also didn't wait longer to put some distance between the event and her departure, he said.
"She does not appear to have a professional background in information technology, so perhaps she felt it was appropriate to allow someone with a deeper technical background to lead their IT organization through the coming months and years of the work ahead of them," Huguelet said.
The Target incident underscores the need for technology executives to keep CEOs and the entire board abreast of cybersecurity developments at all times, said Chris Pierson, chief security officer at Viewpost.
"We as an industry need to improve how we communicate that breaches are not 100% preventable and need the people, tech and processes to handle these sophisticated threats," he said. "This is a cyber, law, privacy, and risk issue that touches everyone and must be addressed holistically."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.