Security Controls

Category: Science and Technology

Date Submitted: 04/30/2012 05:00 PM

List and describe the security controls in place. Where are the weaknesses?

TXJ Companies’ security controls were very weak. The organization used the Wired Equivalent Privacy (WEP) encryption system, instead of upgrading to Wi-Fi Protected Access (WPA), apparently because beefing up security wouldn’t “provide a clear return on investment” (Laudon & Laudon, 2009, p. 263). This means that what encryption the company did use was weak and easy to crack. Although it sounds as if firewalls were used to protect the main databases, the wireless networks used in TXJ’s retail stores did not have firewalls or data encryption on many of their computers, and there was no firewall separating the publicly accessible computer kiosks from the company’s internal network. This internal network stored credit card information on an old legacy system where the information resided for years when it should have been stored only a short time. This is a violation of Payment Card Industry (PCI) regulations, as is TXJ’s habit of transmitting unencrypted card data to banks over the public Internet. Finally, any anti-virus software the company installed was installed improperly, rendering their few attempts at security even weaker.

What tools and technologies could have been used to fix the weaknesses?

The WEP system should have been upgraded to WPA to strengthen encryption for the stores’ wireless networks. WPA, as well as firewalls, should have been installed on every computer by a professional who could install both them and the antivirus protection correctly. TXJ’s retail stores could also have benefited greatly from intrusion detection systems. There should also have been a firewall separating the internal databases from the public kiosks, and closer monitoring of their use, perhaps with something as simple as a security camera. Transmissions on public networks, especially those containing credit and debit card information, should have been properly...