The multistate settlement over the 2013 Target data breach outlines the kind of security measures enterprises should have in order to not be found negligent with customer data. Modern security needs to focus on reducing the amount of time between a compromise when detection and making it harder for attackers to carry out their operations. For the pro-active CSO, the settlement should indicate the bare minimum and not what they should aspire to. The settlement gives Target 180 days to develop, implement, and maintain a comprehensive information security program but most of the terms refer to the changes the retailer has already adopted.”]