Wednesday, December 5, 2007

A top-down approach to Risk & Compliance Management could have saved TJX some serious money

by: Ryan Shopp

Everyone, including me, keeps reading about the TJX data breach. Here are some prime snippets from a few recent articles I've read.

...Industry analysts have estimated the total costs to TJX from $500 million to as much as $1 billion, when legal settlements and loss of market share and sales are included...

“The TJX breach is a dramatic example of how keeping large amounts of sensitive information – particularly information that is not required for business purposes – for a long time can be a serious liability.”

“At TJX, we have learned a great deal about the risks of cyber attacks and have responded aggressively to take our own security to even higher levels. We have also learned about the heightened security risks that exist across the entire US retail and banking industries as a result of today's high tech criminals.”

The bottom line is that companies could avoid these types of situations if they took a strategic, top-down approach (aligned with the business goals) to IT Risk & Compliance management rather than simply applying a variety of point solutions. Many times the major gaps will be found in people or process, not technology.

These snippets were taken from the following articles written by Banking Information Security:
TJX, Visa Agree to $40.9 Million Payout for Data Breach - December 2007
TJX Update: Breach Worse Than Reported - October 2007
TJX Report: Wake-up Call for All Institutions - September 2007
