
Target Corp CSOL 520 Assignment 2 - Kevin Splittgerber

| 1. ID | 2. Business Driver | 3. Business Attributes | 4. Business Requirement | 5. High-Level Threat | 6. Potential Business Impact | 7. Impact Value | 8. High-Level Vulnerability | 9. Green Field Vulnerability Value | 10. Greenfield Risk Category | 11. High Level Control Objectives | 12. Target Vulnerability Value | 13. Mitigated Risk Category |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BD0001 | Customer Experience | | | | | | | | | | | |
| BD001-1 | Customers expect an easy, positive shopping experience | Usability, Consistent, Reliable | E-commerce site has a simple, intuitive user interface | Incremental changes to the site do not follow conventions, similar processes have different interfaces | Loss of revenue due to customer frustration, customer seeks other online retailers | H | No uniform design specifications for e-commerce website, no user testing | H | A | Implement user experience program to design, test and validate design and usability goals | L | C |
| BD001-2 | Customers expect privacy of personal information | Private, Trustworthy | Customer information is not to be sold, or accessed by unauthorized parties | Threat actors gain access to systems containing customer information | Loss of customer confidence, bad press, damage to brand | H | Unsegmented networks, no/insufficient access control measures, out of date anti-virus | H | A | Segment networks to isolate systems from one another, implement zero trust model | L | C |
| BD001-3 | Customers expect variety of products with good value | Usability, Productive, Enabling Time to Market | Supply chain management system procures products from many wholesalers and improves efficiency through entire supply chain | Disjointed, cumbersome and inaccurate procurement processes and management | Wasted time and resources dedicated to managing procurement processes | H | Third-party suppliers are not connected to supply chain management system | H | A | Processing time analysis to find excessive time spent in procurement, onboarding and training of third-party suppliers to use procurement system | L | C |
| BD0002 | Compliance with laws and regulations | | | | | | | | | | | |
| BD0002-1 | Full compliance with PCI DSS | Compliant, Secure | Ensure systems are fully compliant with PCI DSS. Systems and applications are assured to be secure | E-commerce application servers are vulnerable to malware that allows remote access to cardholder data | Loss of customer confidence, regulatory fines, settlements with card processing companies | H | Unsegmented networks, no/insufficient access control measures, out of date anti-virus | H | A | Follow PCI DSS security standards, firewall protecting systems with sensitive information, strong access control, maintain anti-virus software | L | C |
| BD0003 | Business Operations | | | | | | | | | | | |
| BD0003-1 | Business continuity | Available, Recoverable | All systems, internal and customer facing should have 99.99% uptime and recoverable with no loss of data | Loss of availability to any of the mission critical systems. (e.g. e-commerce website, Point of Sale, Enterprise Resource Planning system, etc.) | Loss of revenue, customer confidence, business operations | H | Untested system failover, no disaster recovery plan | H | A | Redundant systems, host monitoring, edge DDoS protection, regular testing of recovery plans | L | C |
