Case Study: Critical Controls that Could Have
Prevented Target Breach
In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on
point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of
the Critical Controls that could have been used to both prevent this breach and mitigate losses.


Case Study: Critical Controls that Could Have
Prevented Target Breach
GIAC (GSEC) Gold Certification
Author: Teri Radichel,
Advisor: Stephen Northcutt

Accepted: August 5th 2014

In December 2013 over 40 million credit cards were stolen from nearly 2000 Target
stores by accessing data on point of sale (POS) systems. This paper will explore known
issues in the Target breach and consider some of the Critical Controls that could have
been used to both prevent this breach and mitigate losses. From what is known about the
Target breach, there were multiple factors that led to data loss: vendors were subject to
phishing attacks, network segregation was lacking, point of sale systems were vulnerable
to memory scraping malware and detection strategies employed by Target failed. A
possible solution for preventing and mitigating similar breaches using a defense in depth
model will be presented using a multi-layered security strategy. Considerations of human
factors that contributed to the losses in this case will also be addressed.




Case Study: Critical Controls that Could Have Prevented Target Breach! 2

1. Introduction

