Management of the security risks and the issues in Target Corporation requires development of a proper business continuity and disaster recovery strategy for the organization. As a part of the organizational disaster recovery strategy, the need of identity management and providing proper security awareness training becomes a necessity. However, implementation of these two factors in the organization is subjected to development of proper strategies which will enable the security officers and the security team of Target Corporation to address this issue. In the following paragraphs, the strategy for identity management and management of the security awareness training plan in Target Corporation is discussed.
Identity Management and Security Awareness Training Plan Strategy
Identity Management Strategy
Identity management can be described as the necessary organizational process that is effective for identification, authentication and authorization of the individuals or the groups of people within the organization who are having an access to the applications, system and network of the organization (Dumont & Waldzus, 2015). Identity management in Target Corporation is necessary to define and limit the access rights of the system and information only to the authorized individuals. To ensure proper identify management in Target Corporation, the following identity management strategies can be device.
Strategy 1: Enforcement of an identity access management strategy within the organization becomes a necessity. The strategy is associated with the management and monitoring of all the devices and the system used by the individuals within Target Corporation to manage its access and overall operations (Ouko, 2017). The primary aim of the identity access management will be to maintain the security of the user identity.
Strategy 2: Enforcement of multifactor authentication against the data access within the organization can not only help in ensuring proper data security, but also can contribute in effectively identifying the users or the individuals who have accessed a particular data at an particular instance of the time thus helping in effective identity management.
Strategy 3: Monitoring the privileged users is another strategy for ensuring proper identity management as it increases the visibility of the users who are accessing the data and the system at a particular instance of time (Olins, 2017).
Strategy 4: Keeping a watch on the third-party vendors and the contractors associated with the organization is necessary to visibility of the overall data access process.
The above discussed four primary strategies are recommended for Target Corporation for enforcing and ensuring proper identity management, which is a part of the business continuity plan as well. These strategies will not only help in data management but also will enable enforcing proper control on the data access.
Security Awareness Training Plan Strategy
In order to ensure that the developed business continuity and the disaster recovery plan for the Target Organization is in place, it is necessary for the employees of the organization to undertake proper security awareness training as per the plan. The strategies for providing the security awareness training are indicated as follows-
Strategy 1: All the employees of the Target Corporation will be informed about the need of participating in the security training and the training process will be made mandatory to ensure a correct operation and application of the disaster recovery plan (Bada, Sasse & Nurse, 2019).
Strategy 2: identification of the overall security awareness requirement of the organization becomes a necessity to ensure a proper identification of the strategies and the processes that can help in designing a proper and effective security plan.
Strategy 3: The proposed security awareness training in Target Corporation will include a detailed discussion on the concept of Malware, phishing, the risks related to BYOD and importance of access control and authentication (Korpela, 2015). This will help the employees in easier identification of the email frauds and the risks while operating online.
Strategy 4: The security awareness training should not be a onetime program. The strategy is to repeat this overall training process in the organization at a regular interval so that the new employees get a clear idea of the security needs and requirements of Target (Aldawood & Skinner, 2018).
The above four strategies are required to be followed to ensure that the required security awareness training within Target Corporation are completed in an effective manner. The frequency of training program is to be set at once in three months to get a maximum benefit of the training.