Implementing IT Security Management in Target Corporation: Challenges, Steps, and Solutions

Research Questions

Task:

Improper data management and lack of protection of the employee datasets is one of the prime challenges which are being faced in Target Corporation for a longer period of time. However, it can be stated that implementation of IT Security Management can be very much beneficial for Target Corporation, as it can help them in minimising the issues they have been facing over the years.

The list of research questions of this proposal are as follows:

What are the steps required to implement IT Security Management in Target Corporation?

How can the challenges of implementing IT Security Management in Target Corporation be addressed?

Computer security is often divided into three distinct master categories, commonly referred to as controls:

Physical, Technical, Administrative.

Physical Controls

Physical control is the implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Examples of physical controls are: Closed-circuit surveillance cameras, Motion or thermal alarm systems, Security guards, Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to recognize individuals).

Technical controls use technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. Technical controls are far-reaching in scope and encompass such technologies as: Encryption, Smart cards, Network authentication.

Access control lists (ACLs) Structure, Objects have a list of all accessible subjects, Permissions, Column of the access control matrix. Capabilities list: Structure, Subjects have a list of all accessible objects, Permissions, Row from the access control matrix.

Administrative controls define the human factors of security. It involves all levels of personnel within an organization and determines which users have access to what resources and information by such means as:

As stated by Jagodzi?ska (2020), the resources of a business must comprehend the significance of IT Security Management before it is being enacted in a business space. The entire scope of the project must be clear to all stakeholders of the business. However, as mentioned by Flyktman (2016), security organizational structure needs to be established prior to the implementation of IT Security Management. The literature discussed that the IT assets of the organization need to be classified and secured as well during the implementation of IT Security Management. Before implementing the IT Security Management, the risk associated with this concept must be evaluated as well, as per the discussions of the literature. As mentioned by Kabir et al. (2020), DevSecOps can help in addressing the challenges of implementing IT Security Management in Target Corporation like lack of security training and communication of security issues. 

Data Collection: In this proposal, the analyst shall be considering only the qualitative secondary data from peer-reviewed journals to answer the research questions. The selection of this data collection procedure shall help in identifying the exact behaviour required for Target Corporation to introduce IT Security Management.
Data Analysis: The data from the journal articles shall be analysed using the qualitative data analysis technique. The selection of this data analysis procedure shall create openness in the project.