That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one of the biggest data compromises in retail history.
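Target on Wednesday announced that Beth Jacob, its CIO of more than five years, has resigned. The move comes less than two months after the retail giant disclosed it had suffered a data breach that exposed sensitive data on more than 40 million credit and debit cards.
Later, the company announced that email, address and other information on another 70 million people had also been exposed as a result of the intrusion, which happened over the Thanksgiving weekend in 2013.
In a statement to the Associated Press, Target CEO Gregg Steinhafel said the company is looking for an interim CIO who can help guide it through the information security overhaul it began after the breach.
Target has also elevated the role of the CISO and is looking for a chief compliance officer as part of the transformation effort.
Such moves are not unusual for organizations that suffer a major breach. Over the past several years, a number of CIOs and technology executives have similarly been held responsible for security breaches.
In 2012, the executive director of Utah's Department of Technology Services was forced to resign over a data breach that exposed the Social Security numbers and other personal data of 280,000 Medicaid recipients. In seeking the resignation, Utah Gov. Gary Herbert cited a lack of "oversight and leadership."
In 2006, Maureen Govern, AOL's chief technology officer, resigned from her job in the aftermath of a disclosure that the company had publicly released data on searches done by about 650,000 of its online subscribers. Two employees in the company's research division, which was responsible for the release of the data, were let go.
That same year, Ohio University CIO William Sams resigned from his job and two top IT managers were fired after a series of data breaches.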
Jacob's fate was even more likely given the scope and the nature of the Target compromise.
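The breach, which is still under investigation, is sure to cost Target hundreds of millions of dollars in remediation costs, lawsuits, fines and legal fees.
Even so, the development is unfortunate, said Gartner analyst Avivah Litan.
"You almost have to be a superman who spends 25 hours a day on security issues to be an effective CIO of a large retailer these days. That just doesn't exist," Litan said.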
It is also surprising that the company that assessed Target's compliance with the Payment Card Industry Data Security Standard is not taking some responsibility, she said. Target suffered the breach despite being certified as being PCI compliant.
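"I don't understand why the PCI Qualified Security Assessor is completely off the hook in this case," Litan said. "CIOs rightfully rely on [Qualified Security Assessors] to attest to PCI compliance," Litan said. "Of course the standard response is 'well, things change between annual assessments,'" she said. "Yes, they do, but that's a big copout on the part of the QSA if you ask me."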
Jim Huguelet, an independent retail security consultant, expressed surprise at Jacob's timing. "She did not tender her resignation in the days or weeks immediately following the disclosure when the pressure was most acute," he noted. Jacob also didn't wait longer to put some distance between the event and her departure, he said.
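"She doesn't come from a professional background in information technology, so perhaps she felt it was appropriate to let someone with a deeper technical background lead their IT department through the work that lies ahead of them in the coming months and years," Huguelet said.
The Target incident highlights the need for technology executives to keep the CEO and the full board of directors informed of cybersecurity developments at all times, said Chris Pierson, chief security officer at Viewpost.
"We as an industry need to improve the way we communicate that breaches are not 100% preventable and that it takes people, technology and processes to deal with these sophisticated threats," he said. "This is a cyber, legal, privacy and risk issue that touches everyone and must be addressed holistically."
This article, "CIO not the only one to blame for Target breach," was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.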