1. List and describe the security controls in place. Where are the weaknesses?
The TJX was still using the old wired equivalent Privacy (WEP) encryption system, which is relatively easy for hackers to crack. An auditor also later found the company had neglected to install firewalls and data encryption, on many of the computers using the wireless network,
And did not properly install another layer of security software it had already purchased .TJX also retained card hold data in its system much longer then stipulated by industry rules for storing such data. This company had very little security controls in place at all. The weakness of having a system that TJX had in place are a hacker can gain unauthorized access by finding weakness in the security protections employed by Web sites and computer systems, often taking advantage of various features of the Internet that make open system that is easy to use another problem is a hacker can install a sniffer which is eavesdropping program that monitors information over the internet so they can find personal information haw they want to.
2 What tools and technologies could have been used to fix the weaknesses?
Here are some of the tools that as owner should be in place, one is Access control it consist of all the policies a company uses to prevent improper access to systems by unauthorized insiders and outsiders. To gain access a user must be authorized and authenticated. Another tool is a firewalls they prevent unauthorized user from accessing private networks. There are a number of firewall screening technologies, and applications, including static packet filtering, stateful inspections, Network Address Translations and application proxy filtering they are often used in combination to provide firewall protection. Others are antivirus and antispyware software, which are designed to check computer systems and drives for the presence of computer viruses and eliminates the virus