Fourth, in the aftermath of the attack, the risks and threats that the company is exposed are further security breaches that could expose critical and private secret trading information of the company. This could lead to financial loses since hackers can …show more content…
In my opinion the PCI-DSS standards in place should lead to a secure network and ultimately protect the cardholder data. The Payment Card Industry (PCI) data security standard has important requirements like maintaining a firewall configuration, regularly updating anti-virus software, encrypting transmission of cardholder data across open, public networks to name a few. Unfortunately, the auditing practices at TJX were poor and did not identify the real problems with the TJX systems. The were three crucial issues with the TXJ systems. The first one was the absence of network monitoring; according to the PCI standards, a firewall or a “do not use vendor-supplied defaults for system passwords” was required. They also violated the second PCI standard of protecting the cardholder data by not keeping data logs, and the presence of unencrypted data stored on the system. The stolen information was from old transactions from 2002 which were supposed to be