HOLMES INSTITUTE FACULTY OF HIGHER EDUCATION HI5019 Strategic Information Systems for Business and Enterprise Group Assignment Assessment Details and Submission Guidelines Trimester T1 2020 Unit Code...

1 answer below »
mm


HOLMES INSTITUTE FACULTY OF HIGHER EDUCATION HI5019 Strategic Information Systems for Business and Enterprise Group Assignment Assessment Details and Submission Guidelines Trimester T1 2020 Unit Code HI5019 Unit Title Strategic Information Systems for Business and Enterprise Assessment Type Group assignment Assessment Title Cyber Security Case Studies Purpose of the assessment (with ULO Mapping) Students are required to:  Evaluate systems development methodologies and the role of accountants in system development projects (ULO 3)  Appraise the risks inherent in computer-based systems/ERP, including the role of ethics and the various internal control processes that need to be in place (ULO 4)  Critically evaluate the range of cultural, security, privacy and ethical issues facing individuals and organisations as a result of information systems (ULO 5) Weight 30% of the total assessments Total Marks 30 Word limit Not more than 3,500 words Due Date Week 11, Friday 5:00 pm (AEST) Submission Guidelines  This assignment is to be completed by a group of 2 - 4 students.  Students must report the names and student IDs for all group members to the lecturer of their class by e-mail before the end of week 8.  All work must be submitted on Blackboard by the due date along with a completed Assignment Cover Page.  The assignment must be in MS Word format, no spacing, 12-pt Arial font and 2 cm margins on all four sides of your page with appropriate section headings and page numbers.  Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard referencing style. Page 2 of 6 HI5019 Strategic Information Systems for Business and Enterprise Group Assignment Assignment Specifications Purpose This assignment aims at developing your group’s understanding of latest cyber security issues and their impacts on business operations. Your group is required to critically evaluate three recent cyber security case studies and their lessons to business organisations. Required Your group is required to conduct a literature search and select three (3) cyber security case studies that are published between 2014 – 2019. Based on the selected case studies, your group is required to prepare a written report to cover the following points:  Description of case company in each case o General information of the company o Key business processes of the company  Cyber security issues covered in each case o Key cyber security issues identified in each case o Risks associated with the issues o Impacts of the issues on case company  Lessons learnt from each case o Actions reported in each case to address the identified issues o Outcomes of the reported actions o Proposed actions other than the reported ones that could be taken to address the issues o Suggestions for preventing the issues in future Assignment Structure The report should include the following components:  Assignment cover page clearly stating your name and student number  A table of contents  A brief introduction or overview of what the report is about.  Body of the report with sections to answer the above issues and with appropriate section headings  Conclusion  List of references The report should be grounded on relevant literature and all references must be properly cited and included in the reference list. Page 3 of 6 HI5019 Strategic Information Systems for Business and Enterprise Group Assignment Group contribution To ensure that all students participate equitably in the group assignment and that students are responsible for the academic integrity of all components of the assignment. Your group needs to complete the in a table similar to the following one which identifies which student/students are responsible for the various sections of the assignment. Assignment Section Student/Students The table needs to be completed and submitted with the assignment as it is a compulsory component required before any grading is undertaken. Marks may be deducted if a student does not make sufficient contribution to the assignment. It is students' responsibility to provide evidence for their contributions to the assignment in the event of dispute. Marking criteria Marking criteria Weighting General information of case companies 2% Key business processes of case companies 2% Key cyber security issues identified in each case 4% Risks associated with the identified cyber security issues 3% Impacts of the identified cyber security issues 3% Actions reported to address the identified issues 4% Outcomes of the reported actions 4% Proposed actions other than the reported ones for addressing the issues 2% Suggestions for preventing the issues in future 2% Presentation 2% Research quality 2% TOTAL Weight 30% Page 4 of 6 HI5019 Strategic Information Systems for Business and Enterprise Group Assignment Marking Rubric Excellent Very Good Good Satisfactory Unsatisfactory General Information of case companies /2 Provide clear, concise and accurate information of case companies. Provide complete and accurate information of case companies. Provide accurate information of case companies. Provide information of case companies that is mostly accurate. Fail to provide accurate information of case companies. Key business processes of case companies /2 Identify all key business processes of case companies. Identify most key business process of case companies. Identify most key business processes of case companies with minor errors. Identify some business processes of case companies with errors and/or omissions. Fail to identify any key business process of case companies. Key cyber security issues identified in each case /4 Identify all key cyber security issues identified in the cases. Identify most key cyber security issues identified in the cases. Identify most key cyber security issues identified in the cases with minor errors. Identify some key cyber security issues identified in the cases with errors and/or omissions. Fail to identify any key cyber security issue identified in the cases. Risks associated with the identified cyber security issues /3 Present an excellent discussion on risks associated with the identified cyber security issues. Present a very good discussion on risks associated with the identified cyber security issues. Present a good discussion on risks associated with the identified cyber security issues with minor errors and/or omissions. Present a reasonable discussion on risks associated with the identified cyber security issues with errors and/or omissions. Fail to present a proper discussion on risks associated with the identified cyber security issues. Impacts of the identified cyber security issues /3 Present an excellent discussion on impacts of the identified cyber security issues. Present a very good discussion on impacts of the identified cyber security issues. Present a good discussion on impacts of the identified cyber security issues minor errors and/or omissions. Present a reasonable discussion on impacts of the identified cyber security issues with errors and/or omissions. Fail to present a proper discussion on impacts of the identified cyber security issues. Actions reported to address the identified issues /4 Identify all reported actions for addressing the identified issues. Identify most reported actions for addressing the identified issues. Identify most reported actions for addressing the identified issues with minor errors. Identify some reported actions for addressing the identified issues with errors and/or omissions. Fail to identify any reported action for addressing the identified issues. Page 5 of 6 HI5019 Strategic Information Systems for Business and Enterprise Group Assignment Outcomes of the reported actions /4 Present an excellent discussion on outcomes of the reported actions. Present a very good discussion on outcomes of the reported actions. Present a good discussion on outcomes of the reported actions with minor errors and/or omissions. Present a reasonable discussion on outcomes of the reported actions with errors and/or omissions. Fail to present a proper discussion on outcomes of the reported actions. Proposed actions other than the reported ones for addressing the issues /2 Propose practical and effective actions based on strong arguments. Propose practical and effective actions based on good arguments. Propose sound actions based on reasonably good arguments. Proposed sound actions with errors and omissions based on valid arguments. Fail to propose proper actions or back the proposed actions with valid argument.. Suggestions for preventing the issues in future /2 Present an excellent discussion on suggestions for preventing the issues in future. Present a very good discussion on suggestions for preventing the issues in future. Present a good discussion on suggestions for preventing the issues in future with minor errors and/or omissions. Present a reasonable discussion on suggestions for preventing the issues in future with errors
Answered Same DayJun 12, 2021HI5019

Answer To: HOLMES INSTITUTE FACULTY OF HIGHER EDUCATION HI5019 Strategic Information Systems for Business and...

Harshit answered on Jun 13 2021
150 Votes
CYBERSECURITY CASE STUDIES
    Serial Number
    Contents
    Page Number
    1.
    Introduction
    1
    2.
    Case Study 1
    2-4
    3.
    Case Study 2
    5-7
    4.
    Case Study 3
    8-10
    5.
    Conclusion
    11
    6.
    References
    12
INTRODUCTION
In today's world, the internet has become the basis of every business from running the business to maintaining compliance and data security. Digitalization has reduced the burden on paper and immensely made the work easier. Computers has become a means to everything as it reduces the effort and therefore people can focus more on the business than to other secondary works. The Information Technology servic
es have become pervasive over the years. The internet has an impact on the business environment along with a huge social impact as well. Modern human life has now been surrounded by the Internet of Things which includes education, business, and health care. These business houses work on their computer systems or under IT devices. Therefore they need to store sensitive data and information in these devices which becomes vulnerable because of such vast connection of devices. The information is at risk as this information if leaked may cause huge losses. Therefore the need for cybersecurity has increased. There has been an immense rise in the number of cybersecurity threats and the data is exposed to various forms of theft or destruction (Buczak, A.L. and Guven, E., 2015). As the number of these attackers is increasing the methods used by them are also becoming sophisticated and efficient.
CASE STUDY 1
DoorDash
GENERAL INFORMATION
DoorDash Inc is an American company that is involved in the food delivery service which was established in the year 2013 by some students from Stanford University. It uses technology to deliver food from restaurants to customers on demand. DoorDash is used in more than 4000 cities serving over 340000 stores across the United States of America and Canada. It ranks 3rd in the industry of third party delivery service in the United States of America. The company is valued at more than US $ 13 billion employing more than 7500 employees.
KEY BUSINESS PROCESS
DoorDash connects the people in several cities and empowers the local businesses including the small restaurants. It has generated huge employment opportunities in the countries and generated a new medium to earn and live. It is a mobile application based company that connects the customers who order food from a particular restaurant. It also started delivering essential food and household items to the doorstep of the customers. The customers used their personal information to get registered on the application and thereby creating their account to be able to use the application.
KEY CYBERSECURITY ISSUES
As the customers used their personal information to create an account in the application, DoorDash used to save the data of the customer in the server. The main issue of cybersecurity was the theft or leakage of the data of the people registered on the application which eventually may lead to a huge chain of consumer fraud including identity theft and other frauds. The leakage of a person's information may be used to rob him of money, scam the user getting access to his email, even the payment method used for making payment in the application can also be leaked. Following are some of the cybersecurity issues in the following case:
· The personal information of the customers was leaked to an unknown source which may be harmful in many ways to the customers.
· Social engineering wherein the important information can be accessed by some third party who does not right to that information willing by the person of whom the information is related.
· Most of the data, in this case, is stored in the cloud database which can be hacked into easily making such data vulnerable.
RISKS ASSOCIATED AND IMPACTS WITH SUCH CYBERSECURITY ISSUES
In the case of DoorDash, the information of more than 4.9 million people was leaked and the company claimed that the people who were registered on or after the 5th of April 2018 were not affected by the same. The biggest risk involved was the accessibility of the personal information to the third party and due to the security breach, information of more than 4.9 million people including the merchants and the delivery drivers were leaked. The company suffered a security breach into its database due to which the data related to both the consumers and the merchants as well as the delivery drivers were leaked. Following data were accessed by the security breach:
· Name of the people
· Email addresses
· Address where the food was being delivered
· Order histories
· Contact number along with passwords
· In some cases, the last four digits of the payment cards were also leaked along with the date of expiry and the CVV numbers.
· The number of driver's licenses was also accessed by the delivery drivers.
ACTIONS REPORTED TO ADDRESS
The company primarily suggested the users to change the password to their account in DoorDash as some of the customers complained that their accounts were being hacked. Although the company believed that the passwords were not compromised but still they recommended the same to the people. The company also improved its level of security by adding more layers of firewall between the third party and the servers where the data were stored. In some cases, the data that was leaked was used to make payments and caused a serious threat to the identities of the people.
OUTCOMES OF SUCH ACTIONS
The data that was leaked led to a huge hue-cry amongst the users of other applications as well as the consumers and the merchant considered that if this can happen in the case of a renowned company like DorrDash the same can happen to the other applications as well. The company installed new servers and added several layers of new security firewall to protect the data in case of any further breaches.
PROPOSED ACTIONS
The company also improved the security protocols to get the access to the systems and the servers. The company also appointed third party outside security experts who investigated the parties who were involved in the breach of data. It also cannot be completed calculated the total impact and how the information could be used by the people stealing the data. The company's initial policy related to the password of the...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here