John Dough Pizza Company Case Study: IT Security Analysis
Question
Task: Working from the group work assignment, you are to take a significant and complex issue that was not fully addressed in the assignment and write a research report in the form of a whitepaper that describes current best practices for managing the issue.
You are to base your report on the findings of the Security Implementation Plan and Accompanying Report [your group work assignment] AND the “Confidential Background Briefing on JOHN DOUGH™ Pizza” [which is the same as for the group assignment].
While the group work assignment was broad in its requirements, this time you are to focus on a single complex issue to provide very specific analysis and recommendations.
You should do a comprehensive review of the literature available on industry best practices from reputable and respected sources such as peer reviewed journals, government publications, [trusted] industry reports, and trusted sources of news; statistics; and current IT Security affairs.
Above all, it needs to be clear to the CISO and the technical personnel of JOHN DOUGH™ Pizza that you have thoroughly researched the problem and that YOU are an industry expert that can provide solutions (your report needs to have professional credibility).
The format for the report should be professional, and it should be structured so that the security, technical and contingency planning teams at an organisation will find it thorough, insightful and easy to follow.
IF you haven’t submitted the group work assignment: You are to select a key issue that is identified in the “Confidential Background Briefing on JOHN DOUGH™ Pizza” document.
Answer
Executive Summary
This report focuses on the various aspects of security that is required to counter several security issues in a system or a network. It describes the case study of JOHN DOUGH Pizza Company and the security issues that the company owner feels are needed to be eradicated. This report especially focuses on a single issue of security in its system, which is the POS malware and the Hacker attacks. The steps and the precautions needed to solve this security issue are mentioned in the report, along with the principle in which these security measures and methods are based.
Introduction
A Perth based business called JOHN DOUGH pizza has had several issues with the security in its IT system. The company has faced many security cyber-attacks and have decided that some of the main issues in its security need to be addressed. However, it is no that the company has previously not used the IT security management plan; the company already has a security consultant. The security consultant has maintained a report which contains the implementation plans for the IT security for the system. The company, although needs some other IT security management plans and methods that could be adopted to solve the issue that has been pointed out in the system. This management plans mentioned in this report will be viewed by the Chief Information Security Officer (CISO) of JOHN DOUGH and will be used by the security management team of the company and will be applied in the security management of the company.
The restaurant chains and franchises are not taking the cybersecurity issues very seriously and don't focus much attention on this subject, not until they face some severe security issues with their IT system. The security system of any IT infrastructure should be the most important need for all businesses to protect important customer and company information. Earlier cyber-attacks were more severe as they directly attacked the system for data theft or damaging a network system etc. but now they are focusing on less malicious attacks such as, damaging the infrastructure, manipulating the system information, spying and providing false information (Flowerday and Tuyikeze, 2016).
The biggest issue with the restaurant and franchise chains such as JOHN DOUGH pizza in terms of security are hacking and the POS malware effects on any IT infrastructure and system. These issues can’t be solved by the simple security methods like antivirus software or firewall. The biggest threat with these issues is that due to the collection of customer and company information in the system, the attacks can cause a security breach and extract the information. There are many ways in which these situations can be handled or at least the damage caused by them could be prevented, all the methods and ways to implement the IT security management in the system are mentioned in this report. The three security principles are also mentioned in this report below.
The seriousness of the Issue and the Associated Risks
The biggest risk and security issue that any company or a business organization can face is the attack on the important data of the company. The attacks can happen through various ways such as cyber-criminal attacks and POS malware. The primary focus of these attacks is on the information about the customers in the database of the company; this information could contain many useful data for the criminals such as the personal information including the credit card details, etc. The work of cybercriminal is known by everyone but how they breach into the system and steal the information is not known, several hacking techniques such as phishing and releasing malware software is used by hackers to get access to another network or system. The POS malware is a virus that sticks with some software and then enters the system unidentified through a loophole and extracts all the information. The POS malware mainly steals the data from the system such as credit card information etc. and it can also breach the firewall and can remain hidden for long. When detected, it already fulfils its work by extracting the maximum information it can (Rittinghouse and Ransome 2016).
Past Instances of Malware Attacks
There have been many previous instances where the infrastructure system of some of the important business was attacked, and customer information was extracted from it, affecting the business. Many restaurants and businesses similar to JOHN DOUGH pizza have suffered huge losses and even went on shutdown for a few days to recover the problem. These incidents teach that tightening the security from the start is the most important methods which can perfectly maintain the security of the system and manage the future risks and issues. One such incident happened with several locations of Tim Horton, nearly 1000s of their cash registers were affected by these attacks. Similarly, the Applebee's restaurant was affected, and more than 160 restaurants found out the POS malware in their systems. This malware could have stolen the important customer data and information but was timely found out and managed (Gordon 2018).
Safety Measures to be taken
These issues can be tackled by regular system checkups and working out the possibilities to eliminate the further risks that the system can encounter. It is often seen that the restaurants and businesses do not give much importance to the security of their IT infrastructure system, making them the easiest target for the attackers and hackers. The business which is using the infrastructure and the employees using the systems to engage with the customers should have a little knowledge of how these attacks can happen and what should be avoided while using a system to avoid these attacks and their effects. The business companies should not hesitate to implement some strict or costly methods to avoid the security risks of their systems, because not implementing them could mean much harm to the business (Singhal and Ou 2017).
Methods to Avoid the Effects of the Security Issues
The improper security management in the above cases was the reason for their security collapse; most of these security issues can be tackled easily by the system admin in charge of the infrastructure system. But some issues need other methods and ways to stronghold the security of the system or network of any businesses. The basic old school methods such as antiviruses and firewall are not much effective for the new age hackers and malware. So, other methods which are more effective and provide better security should be taken into consideration and applied to the system. Some of these methods are mentioned below:
Carefully Examining the Third Party Vendors
A lot of third-party vendors are connected with a restaurant chain, and they have different purposes such as production, cleaning services and electricity. Along with the quality and the standard of work that they provide, it is also very important to check their seriousness for the security of their system. There have been many previous incidents where the data breach in a restaurant was due to the vulnerability of the vendors and their poor security practices. As these vendors have access to the data, interrogating them and knowing about the security policies that they use in their system is important for both the vendors and the restaurants. Also if the vendor is using the proper security tools such as firewalls in their network and if they are attaching any equipment to the device, what kind is it and other similar information should be asked (Bryant 2016).
Encrypting the Credit Card
The modern point of sale (POS) system have this inbuilt facility where the credit card information is encrypted from the start, and thus it does not leave much for the hackers to insert the malware into the system. These modern machines immediately encrypt the credit cards as soon as they are swiped in it, all the information such as credit card number and the code is encrypted from the start. The data stored by the machine is also encrypted, and each stage that it passes through the data is encrypted, so it is very difficult for the hackers to follow the lead to the sensitive data. The hardware of the card swipe machine does not give permission to the malware to be installed into the system, and thus the hackers have nothing of much importance for them (Pauker and Spies 2016).
Complying PCI
Payment Card Industry (PCI) is a set of rules and policies that should be followed by every business organization that uses the credit card of the customers for a transaction. The PCI adds an extra level of security to the transactions done in any business organization, thus making sure that the data is not breached and the important credit card information of the customers is safe and secured. It should be the first step of any business organization to become PCI compliant. The destruction caused by the breach in the security of an organization can be too much. It could include a decrease in sales, lack of customer trust in the company and the total loss and shut down of the company. So, it is very important for each business organization to be PCI compliant (Fung et al. 2016).
Strengthening the Network
The strengthening of the network is very important for upgrading security in any system. The condition of the network and the possible ways in which it could be protected should be taken care of by the company. The network should be so strong that even if the third party vendors are under attack, the system of the company should not get affected by it. There are some ways from which the security of the network of the company can be upgraded; some of them are mentioned here (Kenny 2017).
The first step should be to update and upgrade the office system by installing the different antivirus and firewall protection software in the system. This software should be regularly updated to prevent the attacks of advanced malware and viruses. The next step should be securing the Wi-Fi access of the company as these are the easiest open gateway for the hackers and attackers to enter into a system and through it to a network. The Wi-Fi access should be limited and protected by a password and username, and it is always considered a good option to make another guest account for the employees or guests who are not a part of the company. Segmenting the network is the best way to secure the Wi-Fi connection of an organization, it prevents the malware from spreading and is also the best way to limit the users in the network (Patron et al. 2017).
Securing Cloud Data Storage
The POS systems using cloud storage have made it easy to store the data of the customers. These new age POS systems have made it easier to store the data, and the features of these machines are much convenient than the old style systems and are also very secure as compared to the traditional POS machines. The best part about these machines is that the data of the customer is not stored onsite, rather the data is stored off-site and thus remains protected and out of the reach of the attackers and hackers. These systems also monitor the activities of the restaurant and detect the owners about any unusual activity that can take place (Saad et al. 2015).
The IT Security Principles
The CIA triad is also known as the AIC triad is a model which consists of the three goals according to which the safety and security measures that are taken for any business are based on. All the security measures and policies which are designed for securing the system or a network are designed by keeping the AIC triad in mind. The three parts of the AIC triad model are Confidentiality, Availability, and Integrity (Qadir and Quadri, 2016). The three security principles of Information Technology are explained below in detail:
Confidentiality
Confidentiality of the data is an important concept in IT security principles; it would not be wrong to assume that confidentiality is equal to privacy in many terms. Confidentiality measures are taken to ensure that the information or the data that contains sensitive information should only be shared with those for whom it is being produced. The data must be restricted and should be prevented from unauthorized access of the possible attackers or hackers. Some of the common methods that use confidentiality to prevent security breach are data encryption and password protection (Fernandez and Alexander 2016).
Integrity: The integrity principle makes sure that the data stored in the database is confidential as well as unchanged; it is the work of the integrity principle to keep the data secure through its lifetime. The data is kept safe from unauthorized access from external ways, and the integrity principle makes sure that the data remain unchanged. Any unauthorized change that can be made into the data by even the user of the same network can't also be done. Also, the backup option should be there to restore the data in any case; any changes are made in the system (Al-Far et al. 2018).
Availability: The users who have the access or the authorization to a type of data and information will be provided with the data in all costs even in the case of natural disasters. It is important to timely maintain, update and upgrade the software used in the system to keep it working. The basic nature of the availability principle is that the hardware, software and the information that completes a system and a network should be maintained and regularly updated (Moghaddasi et al. 2016).
Conclusion
This report concludes that the security issue that is most responsible for the concern in the IT infrastructure and customer information in JOHN DOUGH pizza is the external attack such as POS malware. The basic nature of POS malware is that while installing any software application, this virus comes attached to it and then affects the system and the network by entering into it. The reason it is dangerous for a system is that most of the times it is unidentified in a system and by the time it is traced, it already causes a lot of loss to the system. Most of the times, the POS malware gets undetected by the antimalware and the firewall as well. This report also focuses on the business owners being less concerned about the security of the business networks. The reason for stating it is because most of these issues can be tackled with if proper security is given to the structure or the system when it is initially set up (Peltier 2016).
This issue is very serious as a lot of customer data and information is loaded into the database of any restaurant or business, and so if that particular business gets attacked, then there could be a lot of damage. Different ways that can be implemented to protect the customer data are mentioned in the report. There have been many instances in the history where the security has been breached, and the data of the business owners had been compromised with it, some of which were Tim Horton, Applebee Restaurant and Domino's pizza.
The issues can be tackled if these business owners focus on the various ways that are used to prevent the security breach. Some of the ways mentioned in the report are: encryption of the credit card, complying PCI, cloud data POS systems and the examining of the third party vendors connected in a network with the organization. The report also focuses on the three principles that should be followed by each and every method of security to provide the maximum security to the system and the network. The three principals are called the CIA triad, which includes Confidentiality, Integrity, and Availability. John Dough pizza case study assignments are being prepared by our IT assignment help experts from top universities which let us to provide you a reliable assignment help Perth service.
References
Al-Far, A., Queef, A. and Almajali, S., 2018, November. Measuring Impact Score on Confidentiality, Integrity, and Availability Using Code Metrics. In 2018 International Arab Conference on Information Technology (ACIT) (pp. 1-9). IEEE.
Bryant, L., 2016. Cybersecurity regulations: Banking and third-party providers (Doctoral dissertation, Utica College).
Chatterjee, S., Sarker, S. and Valacich, J.S., 2015. The behavioural roots of information systems security: Exploring key factors related to unethical IT use. Journal of Management Information Systems, 31(4), pp.49-87.
DuBow, J. and Meyer, D., Fulcrum IP Services, LLC, 2016. System and method for implementation of cybersecurity. U.S. Patent 9,401,926.
Fernandez, A. and Alexander, K.M., 2016. Data Privacy and Confidentiality. iURBAN: Intelligent Urban Energy Tool, p.35.
Flowerday, S.V., and Tuyikeze, T., 2016. Information security policy development and implementation: The what, how and who. computers & security, 61, pp.169-183.
Fung, P., Moidu, S., Chan, R. and Lieberman, J., Operator Inc, 2016. PCI-compliant method for exchanging credit card information in online marketplaces. U.S. Patent Application 14/973,654.
Gordon, M.S., 2018. Economic and National Security Effects of Cyber Attacks Against Small Business Communities(Doctoral dissertation, Utica College).
Kenny, S., 2017. Strengthening the network security supply chain. Computer Fraud & Security, 2017(12), pp.11-14.
Li, Y., Shi, X. and Yao, L., 2016. Evaluating the energy security of resource-poor economies: A modified principal component analysis approach. Energy Economics, 58, pp.211-221.
Moghaddasi, H., Sajjadi, S. and Kamkarhaghighi, M., 2016. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model. The open medical informatics journal, 10, p.4.
Patron, A., Cohen, R., Li, D. and Havlin, S., 2017. Optimal cost for strengthening or destroying a given network. Physical Review E, 95(5), p.052305.
Singhal, A. and Ou, X., 2017. Security risk analysis of enterprise networks using probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.