Network Security Assignment: Issues in Tasmanian University
Question
Assignment Specification: This assignment needs to be completed as an individual, and will extend beyond just the writing of an assignment, to also undertaking peer marking to facilitate learning about multiple topics.
Once we have read the available topics, our next step is to log in to the peer assessment tool, which will be available at the start of week 2, and select the topic. There will be limited numbers in each topic to ensure a spread of topics across the class. Once you have selected a topic, it is time to get busy working on the assignment. It is vital to officially select the topic before you write it.
This is a research assignment, and as such you are expected to read a range of content on your topic, and distil it down to your thoughts on the topic. This means putting content into your own words and citing where content has come from. A range of different sources are expected, including academic sources. Most academic sources will likely be peer-reviewed articles that have been published in Journals or Conferences, although other sources are permitted (such as books, and government / standards bodies documents). All source material must be cited and then be listed in a references section at the end of the assignment. Correctly citing and referencing the content you have used makes up a significant part of your final mark.
You are required to use the Harvard referencing style, a short description of which can be found by following the link below.
https://utas.libguides.com/referencing/Harvard
This assignment is to be approximately 2000 words in length, not including the reference list. It may contain diagrams and figures.
Topic
Choose one of the following 5 topics:
- Blockchain is currently one of the most loaded buzzwords within the IT industry due to the wealth creation of cryptocurrencies. Discuss the technology and the role it can have in other areas beyond currency.
- Discuss the possible security implications in the current widespread adoption of IoT devices globally.
- Earlier this year a data breach occurred at a company called PageUp that affected the University of Tasmania. Discuss the responsibilities of companies in the event of a data breach in relation to the Federal Data Breach Notification (NDB) scheme.
- Many websites and other network services in recent times increased their usage of second factor authentication. Describe how this can mitigate the risks present in password only systems.
- Describe the concept of a Man-In-The-Middle attack, and then describe the main countermeasure used on the web to mitigate the risk of such an attack.
Answer
Introduction
In this Network Security Assignment, the discussion is focused on network security issues. Network security is a strategy used by a company to ensure the security of organizational data, including its network traffic. Network security deals with both hardware and software technologies. It is a combination of multiple defensive algorithms at different layers, with various policies and algorithms controlling the security at each layer. Only authorized users should be able to access the network, while malicious users should be blocked in order to prevent threats. Due to heavy digitization, many financial and non-financial transactions are carried out over the internet on a daily basis. It is very important for organizations to keep these transactions secure, as leakage of this confidential data may severely affect the company. Data breach is a common issue faced by many companies. It means the unintentional or planned release of confidential data into an untrusted environment. Due to a data breach, much valuable information can be leaked to the public. It is a huge threat to the company as well as to the customers whose information is leaked. This Network Security Assignment focuses on the responsibilities of "PageUp" in the event of a data breach in the company.
Discussion
Data Breach: Data breach is a serious issue nowadays. In simple terms, a data breach is an incident in which an individual or a company illegally accesses a person's data without approval. It is a kind of security breach that is designed to steal information or to publish it through an illegal source (Romanosky, Hoffman and Acquisti, 2014). A data breach can also be classified as a data spill. In a common data breach, information such as credit card numbers and personal details can be exposed to a third party. It is a serious threat to users and customers; if a company is found guilty of a data breach, it will be penalized or will face civil proceedings.
Causes of the Breach: According to Romanosky, Hoffman and Acquisti (2014), a simple example of a data breach is when a hacker breaks into a company's database to steal sensitive data about the company or a customer; this can be considered a high-level breach. However, a person who is not an employee of a bank and watches all the entries in the computer system can also be considered a data breach.
Data breaches can be brought about by weak passwords and by laptops and mobile devices that have been stolen. Using free open Wi-Fi, where login credentials can be captured, can also lead to exposure of data. Mainly, data is hacked through email (Wikina, 2014): a hacker sends a mail that leads to a browser page asking the person to provide an email ID and password, and the information entered is recorded. This helps criminals to get the important content and records of the company or the individual. Many rival companies in the same field do the same to get information in order to compete. Hackers and cybercriminals cause these data breaches; however, there are also incidents where a government or a company accidentally exposes sensitive data in a public forum. These incidents can be referred to as accidental data breaches.
Notifiable Data Breaches scheme (NDB): The NDB is a scheme under Part IIIC of the Privacy Act 1988 that sets out requirements for organizations in responding to data breaches. The Privacy Amendment Act 2017 established the NDB in Australia. The scheme applies to all agencies and companies that have personal information security obligations under the Australian Privacy Act 1988 (Leonard and Principal, 2018).
Under the NDB scheme, an individual is informed about a data breach of personal information that can cause serious harm to that individual. The notification should include recommendations on the steps the individual can take in response to the data breach. Apart from that, the Australian Information Commissioner is also notified about the data breach. Companies that have to notify the Commissioner can lodge their statement through the NDB statement form (Carter and Hartridge, 2018).
Importance of NDB: The NDB scheme helps individuals to protect their personal information and improves simplicity for agencies and organizations in responding to serious data breaches. The NDB supports and improves community confidence that personal information is protected. It helps to promote higher principles of personal information security across all Australian industries (Carrigan, Gallagher and Di Marco, 2017).
Response summary on Data Breach: The diagram below provides a complete overview of a typical response to a data breach, including the requirements of the NDB scheme.
Notable Data Breaches: In recent times, there have been many cases of data breaches in small and large organizations as well as government agencies. A recent case is PageUp, where the company discovered that some data relating to employees as well as clients of the company had been leaked. The company announced the data breach and the investigation that is going on. Apart from that, in 2013 one more company was breached by a hacker, exposing customers' names and their credit card information (Cheng, Liu and Yao, 2017). Later on, the company announced that about 40 million customers had been affected by this data breach. The investigation found that a third-party business partner had been breached. The target's network was accessed using the credentials, and malware was spread to the company's POS system. The company was found guilty and had to pay tens of millions in a legal settlement. Moreover, the company's CEO resigned from his post. There are many examples of data breaches in the 21st century, which have caused many companies to lose important records and customer data.
Data Breach in PageUp: PageUp is a multinational software company based in Sydney. Many high-profile Australian companies use the services of PageUp for their various operations, especially for recruitment purposes. However, earlier this year a data breach was reported at PageUp, due to which a huge amount of data was compromised. Some of the popular companies that use its software services are Wesfarmers, Linfox, ABC, and Telstra.
According to Sen and Borle (2015), many job applications were compromised due to the data breach. These applications contain various data that could be extremely useful to fraudsters. The data include birth dates, passport details, bank account details, and tax file numbers. Various government bodies and large private sector companies were heavily dependent on PageUp for their recruitment process. Due to this incident, these companies suspended their sites.
PageUp has more than two million users in 190 countries. The company posted that "unusual activity" had been noticed in its system. In addition, it urged its users to suspend use of its services for a few days to prevent data loss. It also formed an investigation team to search for the root cause behind the data breach (Sen and Borle, 2015).
The clients of PageUp include:
- NAB (National Australia Bank)
- Commonwealth Bank
- Linfox
- Wesfarmers
- Lindt
- Reserve Bank of Australia
- ABC
- University of Tasmania
- Medibank
- AGL
- Australian Red Cross
After the investigation, cybersecurity experts said that they had not found any further threats in the system. They also said that PageUp is safe for use. As per the forensic report, it is confirmed that PageUp systems were hacked by an unauthorized person. The incident happened on 17th June 2018.
The data obtained by the hacker is listed below:
- Information from employees and former employees of PageUp clients: Some personal information of employees was affected. This includes contact information of the employee (name, telephone number, physical address and e-mail address) and employment information (employment status, company name, job role).
- Job applicants: This includes contact information and employment information provided during the job application. It also includes biographical details (gender, nationality, DOB and whether the applicant is a local resident or not).
- Job references of clients: The references also include applicant information, employment information, and contact information.
Effect on University of Tasmania: More than 3,500 people were enlisted on the job site of the University of Tasmania. Due to the exposure of data, e-mails and other valuable information were compromised in public (Bill and Bartels, 2015). The job seekers who applied through the recruitment site had filled in various vital information such as bank details, tax file numbers, employment conditions, and various related personal information. When these data were compromised, it could have caused financial loss to the job seekers. However, it was not certain how many of these people were actually affected by this incident.
Further, the University of Tasmania (UTA) suspended all of its recruitment processes as a precautionary step.
Responsibilities of PageUp in context of NDB: According to Savage et al. (2016), the company should provide a secure environment on the web so that further security breaches can be prevented (Martin, Borah and Palmatier, 2017). The company is now associated with the Australian Cyber Security Centre (ACSC), multiple individual security agencies and the Australian Federal Police to deal with the network security issues.
Primarily, the company should focus on its IT infrastructure and firewalls to prevent exposure of data. The company should take these steps:
Not allowing invaders: The security policies and related protocols should be improved. The IT system should use algorithms to create a unique security key for each authorized person. The key should be changed periodically in order to increase the security level of the system. PageUp can implement new policies to improve its overall network architecture.
Security architecture may require advanced protection and segmentation: The algorithms should be kept in various layers of the system to increase the physical level of security. Additionally, advanced software and hardware can be implemented to strengthen security (Savage et al. 2016). Further, all the data should not be kept in the same place. The data should be kept on various network drives or servers so that an occasional data breach cannot make a huge impact on the company. Segmentation helps the company to effectively prevent a data breach. PageUp can introduce this method to increase its network security.
Introducing key: Various advanced security algorithms and firewalls should be used in the cyber system. These algorithms should use the basic idea of a unique authorized security key for each user (Haager et al. 2018). However, an expert or a group of experts should always monitor these programs to check for the arrival of potential threats in the system. Further, these keys should be valid only for specific time intervals. It means that each time a user tries to log in to the system, it will ask the user some relevant security questions. The system will provide a valid security key depending on the validity of those answers. If an unauthorized user fails to provide the correct answer, he will not be able to access the system during that time. The user might need to contact the system admin of PageUp for further processing.
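One way to realise the per-user, time-limited security key described in the steps above, as an added example that is not part of the original assignment and not PageUp's own code. It assumes an HMAC-SHA256 signature and a 15-minute validity interval; the names `issue_key`, `verify_key` and `SERVER_SECRET` are hypothetical, and the login checks that precede issuance are assumed to have passed.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side secret; changing it invalidates every issued key.
SERVER_SECRET = secrets.token_bytes(32)
KEY_LIFETIME_SECONDS = 900  # assumed validity interval (15 minutes)


def _sign(payload: str, secret: bytes) -> str:
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_key(user_id, now=None, secret=SERVER_SECRET):
    """Issue 'user|expiry|nonce|mac' after the login checks have passed."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    issued = int(time.time() if now is None else now)
    # The random nonce makes every key unique, even for the same user and second.
    payload = f"{user_id}|{issued + KEY_LIFETIME_SECONDS}|{secrets.token_hex(8)}"
    return f"{payload}|{_sign(payload, secret)}"


def verify_key(key, user_id, now=None, secret=SERVER_SECRET):
    """Accept only an untampered, unexpired key that was issued to user_id."""
    parts = key.split("|")
    if len(parts) != 4:
        return False
    claimed_user, expiry, nonce, mac = parts
    expected = _sign(f"{claimed_user}|{expiry}|{nonce}", secret)
    # Constant-time comparison; the signature is checked before any field is trusted.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if claimed_user != user_id:
        return False
    current = time.time() if now is None else now
    return current < int(expiry)


if __name__ == "__main__":
    key = issue_key("applicant-42")  # constructed sample user id
    print(verify_key(key, "applicant-42"))
    print(verify_key(key, "applicant-42", now=time.time() + 3600))
```

Because the expiry is covered by the signature, a holder cannot extend the validity interval, and replacing the server secret withdraws every outstanding key at once.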
Conclusion
Based on this Network Security Assignment, it can be understood that a data breach is a serious threat to a company, as it affects the trust of the company's customers and employees. Data protection is one of the important tasks for a company. The breach at PageUp was discussed to provide a clear concept of a data breach, and the role of the NDB was also discussed, including how the NDB helps people to have confidence that their personal information will be protected. There are rules and regulations set by the NDB which have to be followed by companies in order to protect the data and records of individuals. Suggestions such as keeping records in separate systems and using passwords that change day by day may protect the data from theft. Apart from this, the Network Security Assignment discusses how companies are responsible for preventing the loss of company and individual data.
Reference
Bill, E. and Bartels, L., 2015. Suspended Sentences in Tasmania: An Analysis of the Impact of Recent Breach Reforms. U. Tas. L. Rev., 34, p.6.
Carrigan, D., Gallagher, J. and Di Marco, B., 2017. Australia's new mandatory data breach notification regime: How to prepare your business. Governance Directions, 69(5), p.280.
Carter, D.J. and Hartridge, S., 2018. Mandatory data breach notification requirements for medical practice. The Medical Journal of Australia, 209(6), p.1.
Cheng, L., Liu, F. and Yao, D., 2017. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), p.e1211.
Haager, J., Sandwith, C., Terrano, J. and Saripalli, P., Topia Tech Inc, 2018. Systems and methods for security hardening of data in transit and at rest via segmentation, shuffling and multi-key encryption. U.S. Patent 9,990,502.
Leonard, P. and Principal, D.S., 2018. The new Australian Notifiable Data Breach Scheme.
Martin, K.D., Borah, A. and Palmatier, R.W., 2017. Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), pp.36-58.
Romanosky, S., Hoffman, D. and Acquisti, A., 2014. Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), pp.74-104.
Savage, C., Petro, C. and Goldsmith, S., Ponoi Corp, 2016. System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data. U.S. Patent 9,262,608.
Sen, R. and Borle, S., 2015. Estimating the contextual risk of the data breach: An empirical approach. Journal of Management Information Systems, 32(2), pp.314-341.
Wikina, S.B., 2014. What caused the breach? An examination of the use of information technology and health data breaches. Perspectives in health information management, 11(Fall).