1. What are the (a) people, (b) work process and (c) technology failure points in TJX’s security that require attention and that contributed to the security breach?
2. How should the company’s IT security be improved and strengthened? What should its short-term priorities and long-term plans be?
3. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? How do organizations get into this kind of situation, and what can they do to avoid it from a management perspective?
4. In the aftermath of the attack, what would you be worried about? What actions would you recommend?
5. Given the data breach at TJX, some would argue that PCI-DSS is not effective or does not do enough to protect cardholder data. Do you agree or disagree with that statement, and why? What could be done differently, if anything, to improve the effectiveness of PCI-DSS?