IMT6011 Introduction to Information Security Management
Tasks
Part A:
Search the web for news on computer security breaches that occurred during September-December 2015. Research one such reported incident. Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.
Part B:
Research any popular hack case on the web which happened between 2012 and 2016 (for example, one very popular hack case is the JPMorgan Chase hack case (2015)) and prepare a report focusing on the following questions:
- What was the problem?
- Who were affected and how?
- How was the attack carried out?
- What could have been done to prevent the attack?
Answer:
Part A
Background of the problem
The Internet has spread to all parts of the world, and this network now has great importance in people's lives. Like every coin, it has two sides: there are positive as well as negative aspects to it. Security breaches are now very common. A breach is an activity in which a person with ill intention hacks a computer or network system and steals sensitive information, which the culprit may then misuse. These breaches can have a very harmful impact on information security systems. This assignment gives a brief account of the “Scottrade” attack and the LinkedIn attack. The “Scottrade” attack took place in September-December 2015.
The “Scottrade” attack affected more than 4.6 million customers of the firm. The customers who had enrolled before February 2014 were affected by the hack (Billies, 2016). A massive amount of data was stolen by the hackers. The customer details that were stolen included the emails and security number. The physical addresses of the customers were also taken, as the hackers had gained access to the database of the company. The FBI reported the incident, and until that time the incident had not been reported by the company itself (Thompson, 2017). The company suffered a huge loss of data and damage to its brand image due to the hack.
How and why did the problem occur
The attackers gained access to the database of the company and, through it, to the client information of the company. The details of the customers were stolen by the hackers. The possible reasons behind the hack were server scanning, vulnerability of the company's Wi-Fi, social engineering, phishing or infected websites. Malicious emails were used by the hackers to get access to the database of the company. The hackers sent malicious emails to the employees of the company (Groshoff, 2016). As soon as the employees clicked on the email, the hackers got access to their systems, and all the data was stolen from there. The company had encrypted the details of the customers, but the hackers broke the encryption and stole all the data.
Ways by which the hack could have been prevented
There are certain measures which could have been taken by the firm to prevent the hack. “Scottrade” should have taken precautions to be ready for security breaches. The measures that should have been taken by the firm are described below.
Proper prevention measures against spam emails: the company should have taken safety measures against spam emails. Filters should have been set up by the company to prevent any type of spam email from reaching the accounts of its employees (Opderbeck, 2016). The company should have trained the employees to recognise spam emails before clicking on them.
No company information should have been shared through personal calls and emails. The employer should have restricted employees from sharing firm-related data through personal phone calls. This is a major reason behind leakage of data from the company. The personal accounts of employees are easy to hack, and thus the data can be leaked easily. The hackers can easily get access to the personal phone calls and emails of the employees.
The employees should have been given proper training on phishing and similar attacks. The attack took place mainly because of the malicious emails that were sent to the employees of the company (Huh et al., 2017). The hackers got access to the systems of the employees and then to the entire database of the company. It is essential for employees to get proper training on the security threats that malicious emails pose to the firm.
If these measures had been taken by the firm, the results of the attack would not have been this severe and the details of the customers would have been safeguarded. The firm would have been able to keep the sensitive data secure and out of the reach of the hackers.
Part B
Background of the problem
The adverse effects of the Internet are spreading widely in the world. The case discussed here, the LinkedIn attack carried out in the years 2012-2016, is one such example. Security breaches are now very common. A breach is an activity in which a person with ill intention hacks a computer or network system and steals sensitive information, which the culprit may then misuse. These breaches can have a very harmful impact on information security systems.
What was the problem
The LinkedIn hack took place on 5th of June 2012. The passwords of around 6.5 million users of LinkedIn were stolen by the hackers. According to the findings, the hack was carried out by hackers from Russia. The hackers got access to the passwords of the users of LinkedIn and put them in the form of plain text (Gao, Zhong & Mei, 2015). The passwords were put up for sale by the hackers from the day after the breach onwards. The website promised safety measures to the users, but the breach had a very negative impact on the image of the firm. The website had to face many upset users, who were very disappointed because of the breach.
Who were affected and how
The users of LinkedIn were affected worldwide, as their passwords were stolen and put up for sale. The users were affected heavily because their data was misused, and they were very upset with the website (Murray et al., 2015). Their passwords were no longer private, and they suffered a heavy loss of personal data because of the breach. The users of the website were the major victims of the breach.
Other than the users, the website was also affected severely, as it suffered damage to its brand image due to the breach. The breach caused the website to face many upset consumers, and it was hard for the company to win back the trust of the users. Several disputes were also filed against the company, which further damaged the brand image. The company faced financial loss as well, because it had to pay several fines to the government.
Thus, the breach had a severe effect on the brand as well as on the customers of the website.
How was the hack carried out
The major reason known behind the breach was that the passwords used by the company were not scrambled. Thus, the hackers broke the encryption easily. The users were not encouraged by the company to use scrambled passwords, which made the way easier for the attackers. The users' passwords were not salted by the site during the hashing process. The hackers needed a bit of patience, but the procedure was easy for them. The other reason for the attack was the iOS app which was launched by LinkedIn. The app took the personal information of users and sent it to the server of the website without the approval of the users of the app. For these reasons, the severe attack resulted.
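The following is an added example, not part of the original report, showing why the missing salt mentioned above matters for anyone who stores passwords. SHA-1 as the fast unsalted hash, the PBKDF2 work factor and the sample accounts are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """Weak scheme: one fast hash, no salt (SHA-1 is an assumed stand-in)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None):
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digest_groups(table: dict) -> list:
    """Return groups of users whose stored digest is identical."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "t4ngerine-Kite"}


def build_tables():
    """Store the same accounts under the weak and the hardened scheme."""
    weak = {user: unsalted_hash(pw) for user, pw in USERS.items()}
    strong = {user: salted_hash(pw) for user, pw in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, shared digests:", shared_digest_groups(weak))
    strong_hex = {user: digest.hex() for user, (_, digest) in strong.items()}
    print("salted, shared digests:", shared_digest_groups(strong_hex))
    salt, digest = strong["alice"]
    print("correct password verifies:", verify("Summer2012", salt, digest))
```

In the unsalted table every user with the same password has the same stored value, so one recovered password exposes all of them; with a per-user salt the stored values differ and each one has to be worked on separately.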
What could have been done to prevent the hack
There are various measures which could have been taken by the website to prevent the attack. The measures are listed below.
First of all, the website should have encouraged the users to use scrambled passwords for the site. Scrambling makes a password strong, and thus difficult to decrypt (Ablon et al., 2016). Scrambled passwords increase the security of the site and make it hard for hackers and attackers to get at the passwords.
The other measure which should have been taken by the site to prevent the hack is that the employees of the site should have been made aware of the causes of the security breaches that are increasing all around the world.
References
Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications.
Billies, R. (2016). Passphrases Are Better.
Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423-438.
Groshoff, D. (2016). Moore's Law versus Man's Law: How Cybersecurity and Cyber Terror Government Policies May Help or Hurt Entrepreneurial Startups. Chap. L. Rev., 19, 373.
Huh, J. H., Kim, H., Rayala, S. S. V., Bobba, R., & Beznosov, K. (2017). I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails.
Murray, A., Begna, G., Nwafor, E., Blackstone, J., & Patterson, W. (2015, April). Cloud Service Security & application vulnerability. In SoutheastCon 2015 (pp. 1-8). IEEE.
Opderbeck, D. W. (2016). CURRENT DEVELOPMENTS IN DATA BREACH LITIGATION: ARTICLE III STANDING AFTER CLAPPER. SCL Rev., 67, 599-637.
Thompson, G. F. (2017). Time, trading and algorithms in financial sector security. New Political Economy, 22(1), 1-11.