1. List and describe the security control weaknesses at TJX Companies. When security upgrades are made available, it’s because they’re necessary, not because software developers have thought up some great new software gimmick. Hackers are able to bypass the old systems too easily, so better security is needed to keep the hackers out. TJX ignored the need for better e-security, and even neglected to install one particular upgrade they had purchased. 2. 3. 4. How effectively did TJX deal with these problems? Not well enough. The $40.9 million fund for the banks won’t nearly cover the banks’ losses, and I see too little info in the report about what exactly TJX is doing to prevent this from happening again. I see money being thrown at the problem, but management doesn’t seem to have a clear picture of a real solution. 5. Who should be held liable for the losses caused by the use of fraudulent credit cards in this case? TJX? The banks issuing the credit cards? The consumers? Justify you answer. Obviously TJX is responsible – their negligent behavior that made them vulnerable to the attacks. The banks and consumers can’t be held responsible – especially the consumers! If consumers were held responsible for attacks like this, we’d do away with credit cards, keep our money under our mattresses, and go back to making our own clothes and food and entertaining ourselves by telling each other stories as people did centuries ago! Then where would the banks and credit card companies be? That’s probably extreme, but so is expecting a shopper to pay for a huge corporation’s negligence and a hacker’s crime.