CSI5133 Information Security

Academic Anxiety?

Get an original paper within hours and nail the task

156 experts online

Free Samples

CSI5133 Information Security

.cms-body-content table{width:100%!important;} #subhidecontent{ position: relative;
overflow-x: auto;
width: 100%;}

CSI5133 Information Security

0 Download11 Pages / 2,531 Words

Course Code: CSI5133
University: Edith Cowan University

MyAssignmentHelp.com is not sponsored or endorsed by this college or university

Country: Australia

Question:

Learning outcomes

Analyse and synthesise information security issues in modern organisations.
Demonstrate an understanding of the advantages, disadvantages, threats and vulnerabilities associated with various IT environments.
Demonstrate the concepts, principles and techniques relating to the security of information.
Evaluate the importance of information to organisations and society in general.

Critically analyse the case study provided to give an information security perspective on the issues faced by the organisation.
Follow the processes provided in the unit materials, particularly the first five modules, to present a logical and clear analysis of the case study. The case study can be found under the Reading List/Assignment 01.
Your report should include:

An outline of the process followed to devise the case study analysis, i.e., did you follow any methodology for analysing a case study, and what steps did you follow to write the main body of the report? This section need not be detailed; a brief outline of your analysis process is enough.
Identification of the personally identifiable information (PII) that is held, used and collected by the organisation.
Discussion of the CIA triad and how these principles relate to the information security breach, i.e., what was breached in relation to confidentiality, integrity and availability.
What threats and vulnerabilities to the information exist in the case study.
What protections were in place; what worked and what failed in this particular case.
The lessons learnt from the breach, for example legal, financial and risk lessons.
What the organisation did after the breach, i.e., what happened after the fact.
Why this breach was such an important case to learn from.

Answer:

Introduction
December 2013 was a month Target never wanted to see. Attackers stole roughly 40 million credit and debit card numbers by harvesting them from the retailer's point-of-sale (POS) systems, the personal information of about 70 million customers was also taken, and around 11 GB of data left the network. Definitions of information security vary, but all of them come down to protecting the confidentiality of customer data, preserving its integrity, and keeping useful information available when it is needed. Information security is therefore a central concern for any organisation and must be designed into every system the organisation runs. The three properties (confidentiality, integrity and availability) are collectively known as the CIA triad. The Parkerian hexad is an extension of the triad, not another name for it: it adds possession or control, authenticity and utility to the three original properties. This report examines the breach in terms of these properties and explains the vulnerabilities that made it possible.
Information security
Information security, as TechTarget defines it (Rouse, 2016), is the set of practices for protecting information from unauthorised access, use, disclosure, modification or destruction, and it includes risk management. One useful distinction is between sensitive information, which must remain unchanged and unaltered and may be modified only by users who have been given explicit permission, and less sensitive information that must still be protected from misuse (Plachkinova & Maurer, 2018). For a retailer, information security means following established security practice to protect the personal and financial information of every customer. It is a set of strategies for managing data processing and the threats that target customers' digital information (Rouse, 2016).
Need of report
Information security is a central module of the course, and few real-world case studies illustrate it as well as this one. Every student should understand the technologies involved and how conceptual knowledge is applied when a real organisation's security is at stake; this report follows that view and uses the case to show how such knowledge can be used to address security issues in an organisation.
Analysis process followed
The method we followed to produce this report is:

We collected verified information that explains the security breach and the corrective measures taken after the Target data breach.
We analysed in detail the security threats, vulnerabilities and malware involved in the breach (Shu et al., 2017).
We also examined the difficult points and challenges of investigating data breaches from the legal perspective.
Later in the report we give security guidelines that organisations can use to improve payment-system security. There are three guidelines: enforcing the integrity of the payment system, designing an alerting mechanism, and segmenting the network.
We also discuss how credit card security is handled in organisations today and how best practice for secure card handling can be spread.

Most important facts of the case study
The sources provide enough detail to establish the most important facts of the breach. The points we treat as the most critical are:
Target's POS estate had technical weaknesses in virtualisation, configuration, the deployment of security patches and system updates.
The attackers obtained credentials for Target's vendor portal from Fazio Mechanical, a refrigeration contractor, using the Citadel password-stealing trojan delivered by e-mail. Those stolen vendor credentials, not customers' credentials, were the first foothold in Target's network.
Customers' personal and financial information was lost, information that could be used to reach bank statements and other accounts.
Within a short time the POS machines were infected with memory-scraping malware that copied card data as it was processed, reconfigured the software and disabled the virus scanner, and moved the captured data over the network to an internal staging server, from which it was sent to attacker-controlled servers by FTP.
Personal Identifiable Information
Personally identifiable information (PII) is any information that can identify a specific individual. It comes in two kinds: sensitive and non-sensitive. Non-sensitive PII can be transmitted over a network in unencrypted form because its disclosure does not harm the individual; it can be collected from public records, phone books, websites or an organisation's directory (Rouse, 2014). Sensitive PII, on the other hand, harms the individual when disclosed, so it should be encrypted before it is transmitted or stored. Examples of sensitive PII are biometric data, personal financial information (bank account numbers, card numbers and passwords), medical records and government identifiers such as the Social Security number (SSN). The data taken from Target fell squarely into the sensitive category: payment card numbers with their expiry dates and, for the 70 million customers, names, postal addresses, phone numbers and e-mail addresses.
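As an added example (not from the original report), the following Python script shows how a retailer's log pipeline can tell the two kinds of PII apart and redact the sensitive kind before a record is stored or forwarded. It detects card numbers with the Luhn check and masks them to the first six and last four digits, the most that PCI DSS allows to be displayed, and masks SSNs; digit runs that are not card numbers are left alone. The sample records and field names are constructed for the example.

```python
from __future__ import annotations
import re

# Constructed sample records (not real customer data): the kind of line a retailer's
# order or support system might write to a log, mixing sensitive and non-sensitive PII.
SAMPLE_RECORDS = [
    "name=Jane Doe; phone=555-0100; card=4111111111111111; exp=12/26",
    "name=John Roe; email=john@example.com; ssn=123-45-6789",
    "order=1001; card=4111111111111112; note=digit run that fails the Luhn check",
]

# 13-19 digit runs, optionally separated by spaces or hyphens, and US-style SSNs.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (the PCI DSS display limit); mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def classify_and_mask(record: str) -> tuple[str, list[str]]:
    """Return the record with sensitive PII masked and a list of what was found."""
    findings: list[str] = []

    def pan_sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            findings.append("PAN")
            return mask_pan(digits)
        return m.group(0)       # not a card number: non-sensitive, leave as-is

    def ssn_sub(m: re.Match) -> str:
        findings.append("SSN")
        return "***-**-" + m.group(0)[-4:]

    masked = PAN_RE.sub(pan_sub, record)
    masked = SSN_RE.sub(ssn_sub, masked)
    return masked, findings


def redact_all(records: list[str]) -> list[tuple[str, list[str]]]:
    """Redact a batch of records; each result is (masked_record, findings)."""
    return [classify_and_mask(r) for r in records]


if __name__ == "__main__":
    for masked, found in redact_all(SAMPLE_RECORDS):
        print(found or ["non-sensitive"], masked)
```

The Luhn check is what keeps the redactor from masking order numbers and phone numbers that happen to be long digit runs; a real deployment would add issuer prefix ranges and encrypt rather than mask where the full number must be retained.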
Threats and Vulnerabilities
The attack on Target's IT systems and network began in November 2013 and was discovered in December. Around 70 million customer records and 40 million credit and debit card numbers were stolen (Watts, 2017). Several parties took part in the investigation, among them Dell SecureWorks, the FBI, iSIGHT Partners and the United States Secret Service, and IntelCrawler analysed the malware. The malware itself was BlackPOS, a memory scraper for Windows-based POS systems; the stolen cards were sold on underground carding sites.
The Fazio Mechanical network was compromised by the Citadel trojan, most likely because of weak security controls at the vendor (Jones, 2016). Target's network was segmented, but the segmentation had gaps. Network segmentation places filtering devices between parts of the network so that only the traffic a segment actually needs is allowed in and out; installing software on a POS terminal, for example, should only be possible along one tightly controlled path. Because the segmentation was weak, the attackers were able to move from the vendor-facing systems to the POS network. Once on the POS machines, the malware began harvesting payment card information, in particular the card numbers.
The stolen card data was aggregated on servers located in Russia, and the total amount of stolen information was about 11 GB.
Preventive Measures (Alternative Course of action)
The security measures that an organisation can take include the following.
No system should run without having passed security clearance (S, 2016). Network firewalls and virtual LANs are the usual means of enforcing this at the network level. Target had also deployed FireEye, a widely used network security platform that provides layered protection and detects malware through network intrusion detection.
The case study shows that Target failed to protect card data because it did not detect and stop the theft at several points:
The automatically generated security alerts were not investigated, and the tool's automatic malware removal function had been switched off (Gagliordi, 2015).
The network was not correctly segmented, and the sensitive payment network was not isolated.
Software installation on the POS terminals was not restricted, so unauthorised configuration changes and installations could be made in a few simple steps. The result was data loss.
Third-party partners were not held to proper access control for the groups they belonged to.
Credentials must be protected by an additional layer on top of the communication channel (two-factor authentication for vendor access, for example). A properly configured firewall must filter suspicious traffic. Administrative rights to update systems or install applications must be granted only to a specific category of staff. Any hardware or software found to be vulnerable must be reported and taken out of service immediately to protect the organisation and its database servers.
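The segmentation and alerting failures listed above can be turned into a concrete detection. The Python script below is an added example, not part of the original report: it reads constructed flow records, flags any POS terminal talking to a destination outside its small allowlist (such as an SMB share on an internal staging host) and any internal host sending data by FTP to an external address, and turns every finding into a triage ticket rather than discarding or auto-resolving it. The subnets, addresses and allowlist are assumptions for the example.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed flow records (src,dst,dst_port,proto,bytes); not real Target data.
# 10.20/16 is the assumed POS segment, 10.30.7.44 an ordinary internal file server
# misused as a staging host, 198.51.100.77 an attacker drop site (RFC 5737 range).
SAMPLE_FLOWS = """\
10.20.3.11,203.0.113.10,443,tcp,5120
10.20.3.11,10.10.5.20,443,tcp,2048
10.20.3.12,10.30.7.44,445,tcp,73400320
10.30.7.44,198.51.100.77,21,tcp,11800000000
10.40.1.5,203.0.113.10,443,tcp,900
"""

POS_NET = ipaddress.ip_network("10.20.0.0/16")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# The only destinations a POS terminal needs: the payment gateway and the
# internal update server (assumed addresses).
ALLOWED_POS_DESTS = {("203.0.113.10", 443), ("10.10.5.20", 443)}
FTP_PORTS = {20, 21}


@dataclass
class Finding:
    src: str
    dst: str
    dport: int
    reason: str


def analyse_flows(text: str) -> list[Finding]:
    """Apply two rules: POS egress allowlist, and FTP from inside to outside."""
    findings: list[Finding] = []
    for line in text.strip().splitlines():
        src_s, dst_s, dport_s, _proto, nbytes_s = line.split(",")
        src = ipaddress.ip_address(src_s)
        dst = ipaddress.ip_address(dst_s)
        dport, nbytes = int(dport_s), int(nbytes_s)

        # Rule 1: a POS terminal may only talk to its allowlisted destinations.
        if src in POS_NET and (dst_s, dport) not in ALLOWED_POS_DESTS:
            what = "SMB write to non-allowlisted host" if dport == 445 else "unexpected destination"
            findings.append(Finding(src_s, dst_s, dport, f"segmentation violation: {what}"))

        # Rule 2: FTP from any internal host to an external address is treated as
        # exfiltration until an analyst proves otherwise.
        if src in INTERNAL_NET and dst not in INTERNAL_NET and dport in FTP_PORTS:
            findings.append(Finding(src_s, dst_s, dport,
                                    f"possible exfiltration: FTP to external host, {nbytes} bytes"))
    return findings


def triage_queue(findings: list[Finding]) -> list[str]:
    """Every finding becomes a ticket; nothing is auto-suppressed or auto-deleted."""
    return [f"[{i + 1}] {f.src} -> {f.dst}:{f.dport} {f.reason}" for i, f in enumerate(findings)]


if __name__ == "__main__":
    for ticket in triage_queue(analyse_flows(SAMPLE_FLOWS)):
        print(ticket)
```

Run against the sample, the script produces two tickets: the POS terminal writing 70 MB to an internal share it has no business with, and the share host pushing 11.8 GB out by FTP. Either one, investigated, would have exposed the staging-and-exfiltration pattern described in the case.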
Risk Management
Compliance with PCI DSS alone is not a risk management strategy. The starting point should be that only the details strictly required for payment are collected and kept (Sullivan, 2015). Assets and customer data are what risk management must protect. Once threats and vulnerabilities have been identified, the risk posed by each must be assessed (Halzack, 2015). In general, the vulnerability with the highest likelihood of exploitation and the highest cost to the organisation should be given top priority and fixed first.
Risk Management Matrix
Risk Management and POS system
After the breach, Target adopted a risk-based approach to security that is applied continuously (Robin, 2013). Risks are prioritised so that they can be tracked, and a threat model has been built for the systems across the data centre network that covers every pivot point an attacker might use to reach the POS systems.
Defense in Depth
Defence in depth means placing security measures at every layer of the infrastructure, so that an attack can be stopped at any point along its path and no single control is relied on (Barnum & Gegick, 2005). A well-implemented defence-in-depth strategy protects each level independently. Target did use encryption, but card data was present in clear text in the memory of the POS systems while it was being processed, which is exactly where the memory-scraping malware read it. A further technique is application whitelisting, which allows only specifically authorised software to run on or be installed on the POS systems. Jason Popp, a group manager, has advised that application whitelisting can be enforced in hardware as well as software: applications run on the POS must be digitally signed, with the signing key held in a hardware security module, so that only authorised code can be installed on the terminals. Additional encryption layers can also be added to the POS operating system.
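Here is the gate that application whitelisting puts in front of a POS installer, as an added Python example that is not from the original report. The release side publishes a list of SHA-256 hashes of approved binaries and authenticates it; the terminal refuses to load an allowlist whose authentication tag does not verify, and refuses any binary whose hash is not on the list, including a genuine binary with a single byte appended. The sample binaries are constructed, and an HMAC with a local key stands in for the HSM-held signing key the text describes, so that the example stays within the standard library.

```python
from __future__ import annotations
import hashlib
import hmac
import json

# --- Release side (would run in a controlled build/release environment) ----------
# Constructed sample payloads standing in for approved POS binaries.
APPROVED_BINARIES = {
    "pos-app-2.3.1": b"pos-app v2.3.1: payment terminal application (constructed sample)",
    "printer-driver-1.0.4": b"receipt-printer-driver v1.0.4 (constructed sample)",
}
# Stand-in for the signing key the text says should live in an HSM. A real deployment
# would use an asymmetric signature with the private key in the HSM; HMAC is used here
# only to keep the example in the standard library. Constructed value.
RELEASE_KEY = b"example-release-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def publish_allowlist(binaries: dict[str, bytes], key: bytes) -> tuple[bytes, str]:
    """Build the allowlist (name -> sha256) and authenticate it with the release key."""
    allowlist = {name: sha256_hex(blob) for name, blob in sorted(binaries.items())}
    blob = json.dumps(allowlist, sort_keys=True).encode()
    mac = hmac.new(key, blob, hashlib.sha256).hexdigest()
    return blob, mac


# --- Terminal side (runs on the POS before anything is installed or executed) ----
def load_allowlist(blob: bytes, mac: str, key: bytes) -> set[str]:
    """Refuse an allowlist whose tag does not verify: a tampered list is as bad as none."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("allowlist integrity check failed")
    return set(json.loads(blob).values())


def install_allowed(binary: bytes, allowed_hashes: set[str]) -> bool:
    """Default-deny gate: only code whose hash is on the verified allowlist may run."""
    return sha256_hex(binary) in allowed_hashes


def demo() -> dict[str, bool]:
    """Exercise the gate with a genuine, a tampered and an unknown binary."""
    blob, mac = publish_allowlist(APPROVED_BINARIES, RELEASE_KEY)
    allowed = load_allowlist(blob, mac, RELEASE_KEY)
    genuine = APPROVED_BINARIES["pos-app-2.3.1"]
    tampered = genuine + b"\x00"   # one extra byte, e.g. a patched-in scraper stub
    unknown = b"blackpos-like memory scraper (constructed sample)"
    return {
        "genuine": install_allowed(genuine, allowed),
        "tampered": install_allowed(tampered, allowed),
        "unknown": install_allowed(unknown, allowed),
    }


if __name__ == "__main__":
    print(demo())
```

The two checks work together: verifying the list before trusting it stops an attacker with write access to the terminal from simply adding their own hash, and the default-deny gate stops anything not on the list, which is what would have blocked an unsigned memory scraper dropped onto a register.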
Critical control points
There are many critical control points in the Target case study; here we discuss only the most important (Smith, 2018). The list is prioritised by how critical the event is, the cost of recovery, its likelihood and the preventive measures available.

Pivot point: Reconnaissance
Controlling measures: Security awareness training on what kind of information may be shared, and with whom.

Pivot point: Malware installation
Controlling measures: Only software that meets the security requirements should be installed on the POS.

Pivot point: Filtering of data packets and communication
Controlling measures: Data packets must pass through a filter that only administrators can configure. Proper network boundaries must be in place to monitor traffic entering and leaving the organisation (Kilkelly, 2017). Maintenance and audit logs make the analysis much simpler, so never rely on standard tools alone.

Pivot point: Installation of malware on POS
Controlling measures: Only authorised software may be installed on POS terminals. Regular host intrusion detection (HIDS) scans are recommended.

Target after the breach
Sources report that Target was not in a good position after the breach: it agreed to pay about 18.5 million dollars to 47 states and the District of Columbia in a settlement with the state attorneys general (Abrams, 2017). The settlement closed a long-running investigation into how the incident happened and how the attackers were able to steal card data and other personal information. A separate 10 million dollar class-action settlement in 2015 allowed affected customers to claim up to 10,000 dollars each (Halzack, 2015).
Of the settlement amount, New York receives 635,000 dollars and California 1.4 million dollars.
Target agreed to implement a stricter information security programme covering software maintenance and the encryption of personal information. It was also decided that the retailer would separate cardholder data from the rest of its network and pay for an independent assessment of its security (Yang & Jayakumar, 2014).
Lessons learnt
Although this was one of the largest data breaches in history, Target remained a successful North American business with 1,800 stores in 2015. The breach damaged Target's image, but there were positive aspects too: many customers overlooked the security failures and stayed loyal, and some saw the company as the victim of criminals and chose to stand by it in a difficult time.
After the breach Target promised to invest heavily in its cybersecurity operations, and in 2015 it opened a cyber fusion centre dedicated to preventing this type of attack.
Another noticeable improvement was the move to chip-and-PIN card readers in its stores. Target was among the first large US retailers to issue chip-and-PIN cards of its own to customers.
Summary
Security breaches are critical for the organisation that suffers them, but they have become an everyday occurrence, so monitoring for likely breaches must be continuous. What happened to Target can happen to any other organisation. This report has summarised the events of the 2013 Target breach and the actions the company took to deal with the data loss. Its objective is to raise awareness of the security practices that organisations must follow in today's environment.
References
Abrams, R. (2017, May 23). Target to pay $18.5 million to 47 states in security breach settlement. The New York Times. https://www.nytimes.com/2017/05/23/business/target-security-breach-settlement.html
Barnum, S., & Gegick, M. (2005, September 13). Defense in depth. US-CERT, Build Security In. https://www.us-cert.gov/bsi/articles/knowledge/principles/defense-in-depth
Gagliordi, N. (2015, November 27). The Target breach, two years later. ZDNet. https://www.zdnet.com/article/the-target-breach-two-years-later/
Halzack, S. (2015, March 19). Target data breach victims could get up to $10,000 each from court settlement. The Washington Post. https://www.washingtonpost.com/news/business/wp/2015/03/19/target-data-breach-victims-could-get-up-10000-each-from-court-settlement/?noredirect=on&utm_term=.4a93d65258b0
Jones, B. (2016, June 20). Threat, vulnerability, risk: Commonly mixed up terms. Threat Analysis Group. https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/
Kilkelly, C. (2017, May 18). The CIS Critical Controls explained: Control 7, email and web browser protection. Rapid7 Blog. https://blog.rapid7.com/2017/05/18/the-cis-critical-controls-explained-control-7-email-and-web-browser-protection/
Plachkinova, M., & Maurer, C. (2018). Teaching case: Security breach at Target. Journal of Information Systems Education, 29(1), 11-20. https://jise.org/Volume29/n1/JISEv29n1p11.pdf
Robin, J. (2013, July 13). POS systems and risk management. Armagh POS. https://www.armaghpos.com/pos-systems-and-risk-management/
Rouse, M. (2014, January 14). Personally identifiable information (PII). TechTarget, SearchFinancialSecurity. https://searchfinancialsecurity.techtarget.com/definition/personally-identifiable-information
Rouse, M. (2016, September 13). Information security (infosec). TechTarget, SearchSecurity. https://searchsecurity.techtarget.com/definition/information-security-infosec
S, A. (2016, June 24). IT risk management: Reducing risk. Business Queensland. https://www.business.qld.gov.au/running-business/protecting-business/risk-management/it-risk-management/reducing
Shu, X., Tian, K., Ciambrone, A., & Yao, D. (2017, January 18). Breaking the Target: An analysis of Target data breach and lessons learned. arXiv preprint.
Smith, T. (2018, April 3). 20 Critical Security Controls: Control 13, data protection. Tripwire, The State of Security. https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-13-data-protection/
Sullivan, P. (2015, March 10). Information security risk management: Understanding the components. TechTarget, SearchSecurity. https://searchsecurity.techtarget.com/tip/Information-security-risk-management-Understanding-the-components
Watts, S. (2017, June 21). Security vulnerability vs. threat vs. risk: What's the difference? BMC Blogs. https://www.bmc.com/blogs/security-vulnerability-vs-threat-vs-risk-whats-difference/
Yang, J. L., & Jayakumar, A. (2014, January 10). Target says 70 million customers were hit by Dec. data breach, more than first reported. The Washington Post. https://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html?utm_term=.7acd0aaa9e47
