Skip the navigation

CIO not the only one to blame for Target breach

March 5, 2014 04:14 PM ET

"I don't understand why the qualified PCI security assessor is totally off the hook in this case," Litan noted. "CIOs rightfully rely on [qualified security assessors] to certify PCI compliance," Litan said. "Sure the standard response is 'well things change between annual assessments'," she said. "Yes they do, but that's a big copout on the QSA's part if you ask me."

Jim Huguelet, an independent retail security consultant, expressed surprise at Jacob's timing. "She did not tender her resignation in the days or weeks immediately following the disclosure when the pressure was most acute," he noted. Jacob also didn't wait longer to put some distance between the event and her departure, he said.

"She does not appear to have a professional background in information technology, so perhaps she felt it was appropriate to allow someone with a deeper technical background to lead their IT organization through the coming months and years of the work ahead of them," Huguelet said.

The Target incident underscores the need for technology executives to keep CEOs and the entire board abreast of cybersecurity developments at all times, said Chris Pierson, chief security officer at Viewpost.

"We as an industry need to improve how we communicate that breaches are not 100% preventable and need the people, tech and processes to handle these sophisticated threats," he said. "This is a cyber, law, privacy, and risk issue that touches everyone and must be addressed holistically."

This article, CIO not the only one to blame for Target breach, was originally published at Computerworld.com.

covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about Data Security in Computerworld's Data Security Topic Center.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!