Cases with TurnItIn Similarity Scores greater than 30% will not be graded.
Investigate Target’s 2013 breach. Good sources include, but are not limited to, KrebsOnSecurity, news outlets such as Time Magazine, Forbes and BusinessWeek, and company press releases. http://finance.yahoo.com/ and similar services will provide insight into short and long run impacts on stock price. For breach-related costs and for year over year and quarter over quarter revenue impacts look to company annual (10-K) and quarterly (10-Q) SEC filings as well as press releases.
Structure your case by the 4 parts indicated below. It should be approximately 2 pages single-spaced but content is much more important than length. If you feel a longer case is needed to meet the requirements it maybe as long as 4 pages. If sufficient information isn’t available to complete a requirement, personal conjecture is fine but be concise and provide the reasoning behind your conclusions. Graphics may be used but are not required. Any citation format is acceptable including endnotes but be consistent. Case write-ups will be graded for both content and written quality. If you are not a strong writer, or English is not your native language, plan to get help from a friend or the Writing Center prior to submitting your assignment.
Include the following:
Part 1:
What happened with the breach? Include a brief explanation of the type and quantity of information compromised and the injured parties (ex. Customers, employees, etc.).
• How/why did it happen? This should be a detailed discussion. Feel free to describe what happened in technical terms. For example, if a specific malware or type of attack was used, include those details.
o Was there a particular vulnerability the attackers exploited?
o Was an employee or trusted party at fault in the breach?
o What measures, if any, could the company have taken to prevent the breach?
• Was the breach discovered in-house or by a third party?
• Include a brief timeline of major events pre and post breach discovery (5 or more dates).
Part 2:
Complete or reproduce the table below for each of the 5 primary Damage Sources Target sustained after its breach See Cyber Risk Exposure and the Business Reading). You may add more rows as needed. Please complete Part 2 using the table, not in paragraph form. Consult the company’s 10-Ks and annual reports as needed. Provide actual numbers for financial exposures wherever possible.
Primary Damage Source Secondary Damage Sources Actual Damage Sources Financial Exposure Type & Quantity (ex: Market Value Loss: stock price dropped x% following the breach announcement)
Part 3:
• What measures did the company take to minimize the financial impacts of these Damage Sources (i.e. did they have cyber insurance? How did they entice customers to return? How did they try to reduce damage to their reputation)
• Has the company since recovered?
Part 4:
• Was the company compliant with PCI regulations at the time of the breach? Did they comply with data breach notification laws?
• Did the company consider the incident material? Did the company with SEC disclosure guidance?
• Were the executives held liable? Should they have been?
Sample Solution
