Analyse information security vulnerabilities and threats

Reference no: EM13846435, Length: word count: 3000

This assignment assesses your understanding in relation to the following three course objectives:

1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks

2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail

3. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations.
This assignment assesses the following graduate skills: Problem Solving, Academic & Professional Literacy and Oral and Written Communication at level 2.

In date order clearly list the following:

• date of research activity/discussion
• topics researched or discussed
• time duration of activity.

Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided.

Case study - Gamble Bet

Background

Harry's Bookmaking Agency has been working the rails on Australian Horse Racetracks for over 40 years. When Harry retired 10 years ago, his son Bob took over as Head Bookmaker (and CEO) and still runs the business to this day.

Bob realised early on in his tenure that, after 30 years of little change to their business model, they faced some disruptive new market and technological forces, and that if they did not react, Harry's Bookmaking Agency might not exist for much longer.

Bob could see the signs. The Internet was changing the world and changing how businesses worked. Already, online betting was becoming big overseas in the US and some of Europe, and early adopters in Australia were making good inroads into the local market. While his business was not affected as yet, the writing was on the wall. To survive, Harry's Bookmaking Agency had to make the most radical changes to their business in all their existence.

'GambleBet Pty Ltd' (the new name of Harry's Bookmaking Agency and its online business) was started in 2000.

Today, GambleBet has 20 staff and operates out of 1 office in Melbourne. Of GambleBet's staff, 15 are bookmakers who spend their work hours in front of scores of screens watching sport from around the world and other bookmaking sites to be able to set the markets for sports betting they offer their clients. There are also 3 business administration staff, 1 accountant and Bob as the CEO. They have no IT people in their organisation.

GambleBet's IT infrastructure is fully outsourced to a third-party hosting provider, 'NetBest IT Services', who also manage all aspects of GambleBet's 3 servers and all communications from their office and links to the ISP. GambleBet's online betting system application and credit card processing system are developed and managed by BigFrog Software.

In 2001, 90% of business revenue still came from the rails business on the racetrack. In 2014, 95% of all revenue comes from the online business. GambleBet's 2013 revenue topped $100M AUD, up from $4M AUD in 1999. Business is booming!

Setting the Scene

This afternoon, Bob received a call from his bank's Risk Management and Compliance Division Manager. He was informed that the bank believed that GambleBet's security has been compromised. The bank's credit card fraud system was raising alarm bells and through further investigation by the bank, a pattern was emerging that compromised credit card numbers seemed to be originating from the credit card numbers of GambleBet's customers. At present, fraudulent purchases from these credit cards totalled in excess of $50,000 and were growing by the day. Fraudulent transactions were happening across the globe and the bank informed Bob that it suspected that a criminal hacking organisation has broken into GambleBet's systems and has stolen some or all of the credit card numbers of their clients.

As per bank policy and as documented in the credit card merchant contract between the bank and GambleBet, in the event of potential fraud being detected, the bank has the right to undertake an investigation into the matter. Bob was informed that the bank has engaged independent IT security specialists, HackStop Pty Ltd, to:

• Review the security of GambleBet IT systems and applications
• Determine whether GambleBet is the source of the fraud
• And if so, report on what can be done to mitigate security issues now and ongoing to minimise the likelihood of further fraud.

Bob knows he needs to comply with the bank. Aside from the reputation damage to his brand and business if this made the press, 99% of all payments to GambleBet are made by clients using credit cards. If the bank took away his ability to process credit card transactions, his 40-year-old business would be ruined. He agrees to meet with the HackStop consultant first thing the next day. It's 5:00pm now and Bob knows he will not sleep well tonight.

Your task

As the IT Security Consultant for HackStop assigned to the GambleBet investigation, you are required to put together a high-level security audit work plan for the bank and GambleBet that outlines your approach and methodologies to: (1) review the security of GambleBet and its key third-party service providers, and (2) determine whether GambleBet is the source of the credit card fraud. You are also required to deliver your proposed security audit work plan in a PowerPoint presentation.

The Security Audit work plan should be professionally presented and be concise and to the point. Remember, time is of the essence here and the work plan must be signed off as soon as possible for the actual work to commence. Each day of delay could equate to many more thousands of dollars of fraud incurred by the bank and potentially also by GambleBet.

Some resources which may be useful for this Assignment 3 Case Study will be provided on the Assignment 3 discussion forum.

Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible.

Security Audit Work-plan Report Structure and Requirements (WORD Document):

The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum:

1. Executive Summary: half-page brief outlining purpose, scope, expectations and outcomes of the proposed plan of work.

Structured and ordered work plan phase description, which for each section includes:

2. Background and problem analysis - What went wrong? How was the GambleBet website compromised and customer credit card details stolen?

3. Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and the deliverables GambleBet and their bank can expect for each phase of work (e.g. the "deliverable" for the phase of work could potentially be a report containing the results of a vulnerability assessment test on GambleBet's server(s) and web applications). (approx. 1000 words)

4. Dependencies and critical success factors to the job - such as key stakeholders in this security audit - the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don't always get free-rein access to systems and other information, and because time is of importance, you won't get a long time to master the environment. But, as you know, you also cannot always believe everything you are told.) What is key to getting this job done efficiently, and what support do you need to get this done (from GambleBet, NetBest IT Services and BigFrog Software)?

5. Set of recommendations for improving GambleBet's current security practices and ensuring that an appropriate set of controls is put in place.

6. Reference list of key sources, in particular technical references which support your approach. (Not counted in word count)
Note: in this report and in the accompanying presentation you are encouraged to make use of appropriate Figures and Tables to emphasise the key points that you are trying to make.

7. A journal of each team member's (for students completing this assignment individually - your) activities in participating and contributing to the completion of the work plan report and presentation.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd