What do you think of the cybersecurity organizational structure at Target?

Target’s information security functions were distributed among the Chief Financial
Officer, Chief Information Officer, and the General Counsel.

Strengths:

they had a proper division of responsibility. There also existed a Cyber Executive
Committee which looked after the overall governance of cyber security. They also had
network monitoring technology which improved their ability to detect attacks.

Weakness:

Information about target’s vendors was publicly available online.

There was no proper method for monitoring vendor’s security arrangements.

Vulnerabilities in the payment card systems.

There was not any specific role assigned for handling information security.

What was the level of cybersecurity preparedness of the company?

Target had invested a huge amount of their money in network security, technology, and
related resources.
Target also arranged annual data security training which was necessary for all its employees.
There was a security operations center that consisted of trained professionals who worked
round the clock to make sure there was no suspicious network activity and reviewed them if
found otherwise
The breach could have been stopped if the multiple alerts generated by FireEye would not
have been ignored as false positive by Target’s team.