MIS301 Assessment 2 Case Study Page 1 of 2 MIS301 Cybersecurity Assessment 2 Case Study Global Mall (GM) is one of the largest online marketplaces in the world with millions of active users and...

1 answer below »
Price please


MIS301 Assessment 2 Case Study Page 1 of 2 MIS301 Cybersecurity Assessment 2 Case Study Global Mall (GM) is one of the largest online marketplaces in the world with millions of active users and billions of product listings on their platform. GM’s business model resembles that of Amazon.com or eBay.com, that is, individuals or small business owners may open online stores on their platform to sell products to customers worldwide. GM enjoyed a phenomenal growth in the past few years, and in 2020 GM reported a transaction volume of 0.3 trillion dollars from their worldwide operation. GM’s headquarters is based in Melbourne, Australia. It has offices and distribution centres in major cities around the world and employs over 6000 staff globally. GM management focused primarily on the growth of business over the past years and overlooked the exposure they might have to security risks. With many cyberattacks having made headlines, and many companies of a comparable size having been compromised in those cyberattacks, the management has now become aware of the importance of cybersecurity in their business. You, as a group of cybersecurity specialists, have been engaged by GM management to (1) identify existing issues and vulnerabilities in their operation and (2) to propose recommendations to improve their cybersecurity. By talking to their management and reviewing their existing policy and network topology, you found the following: The major information systems that underpin the daily operation of GM were built in-house. GM does not believe in cloud computing and is reluctant to surrender valuable customer and transactional data to any cloud service company. Therefore, all IT infrastructure — including email servers, web servers and database servers — is hosted internally in their headquarters. The website (i.e. the online marketplace) was implemented many years ago by university graduates. The website was built in PHP and the database queries were written as concatenation of strings, e.g. string sql = “SELECT * FROM Users where UserID =” + userID; The network topology is very ’flat‘ at GM. Critical services, e.g. email/web/database servers, belong to the same subnet as all other functional departments. GM has a Bring Your Own Device (BYOD) policy that allows staff to bring their own device into the workplace and join their internal network. GM also allows visitors to join their local network through wireless APs. Visitors can find the SSID and password on the office wall and there is no physical access restriction to GM’s office. All passwords, both for customers and staff alike, are transmitted and stored in their databases as plain text. For staff, authentication relies solely and completely on passwords. There is no company policy that requires staff to periodically change their password or stipulates any rules about password length or complexity. GM encourages their staff to work from home — from there they join the company’s internal network with a VPN software application of their choice. MIS301 Assessment 2 Case Study Page 2 of 2 GM’s online marketplace operates on the HTTP protocol, and internally their major applications operate on FTP/POP/IMAP protocols. All GM’s servers open all well-known ports (0-1023). The management has not invested much in cybersecurity. No firewall or intrusion detection/prevention system is in place, and the operating systems they use on both the servers and the computers for staff have not been upgraded for many years. The IT department in GM is underfunded and understaffed. Therefore, there is no dedicated team to monitor network traffic or to perform periodic maintenance to IT systems. GM does not implement any access control. Staff may install any software on their computer at work. All files, sensitive or otherwise, are hosted on an FTP server and can be accessed by all staff through an FTP application of their choice. There is no effort to develop staff’s awareness on cybersecurity and there are no training sessions to educate staff on cybersecurity. MIS301_Assessment_2 Part A_ Brief_Case Study Report_Identification of Issue_Module 3.2 Page 1 of 7 Context As a cybersecurity specialist, a significant part of your time is spent on identifying vulnerabilities to informational assets in an organisation and making recommendations to mitigate those identified vulnerabilities and threats. In real-world contexts, you may also encounter ethical dilemmas in cybersecurity practices. This assessment, through three parts and submissions, develops your skills in identifying and communicating threats and vulnerabilities to informational assets, making recommendations to the identified threats and vulnerabilities to cybersecurity and understanding the ethical ‘best practices’ to address ethically difficult issues in cybersecurity practice. Instructions: Assessment 2 consists of three parts. All three parts are based on the attached case study and is a group assessment For Part A: ASSESSMENT 2 PART A BRIEF Subject Code and Title MIS301 Cybersecurity Assessment Case Study Report and Presentation: Identification of the issues Individual/Group Group Length Part A: 1500 words (+/- 10%). Learning Outcomes The Subject Learning Outcomes demonstrated by successful completion of the task below include: a) Investigate and analyse the tenets of cybersecurity. b) Identify and communicate a range of threats and vulnerabilities to informational assets. c) Recommend and justify robust solutions to identified threats and vulnerabilities to cybersecurity. d) Develop own professional practice and ethical standards around security issues and implementation of solutions. Submission Due by 11:55pm AEST Sunday of Module 3.2 Weighting 25% Total Marks 100 marks MIS301_Assessment_2 Part A_ Brief_Case Study Report_Identification of Issue_Module 3.2 Page 2 of 7 1. Form groups of 2 to 3 members. Please read the attached MIS301_Assessment 2_Group Work Guide document for information on group formation, registration and administration. 2. Read the attached case study. 3. Based on the case study, you, as a group, are required to submit a 1500-word report to the managers, who do not have a technical background. The report must address the following tasks: a. identifying the informational assets that need to be protected and build a business case for management to justify investment in cybersecurity b. identifying and discussing at least five (5) vulnerabilities that exist in the company’s IT infrastructure and operation c. for each vulnerability, discuss potential threats, possible attacks and the consequence for the business. 4. Your report must be related to the case study and not a general report on cybersecurity. 5. Report structure: a. Title page: Subject code and name, assessment number, report title, assessment due date, word count (actual), student names, student IDs, Torrens email addresses, learning facilitator, and subject coordinator. b. Table of Contents (ToC): It should list the report topics using decimal notation. It needs to include the main headings and subheadings with corresponding page numbers, using a format that makes the hierarchy of topics clear. Because you are including a ToC, the report pages should be numbered in the footer as follows: title page has no page number; and the main text should have Arabic numerals commencing at 1. Create the ToC using Microsoft Word’s ToC auto-generator rather than manually typing out the ToC. Instructions can be found here https://support.office.com/en-gb/article/Create- a-table-of-contents-or-update-a- table-of-contents-eb275189-b93e-4559-8dd9-c279457bfd72#__create_a_table. c. Introduction (90-110 words): It needs to provide a concise overview of the problem you have been asked to research, the main aims/purpose of the report, the objectives to be achieved by writing the report and how you investigated the problem. Provide an outline of the sections of the report. d. Body of the report (use appropriate headings in the body of the report) (1170-1430 words): Ensure that you address the tasks listed above. Do NOT use generic words such as ‘Body, Body of the Report, Tasks’ as section headings. Create meaningful headings and subheadings that reflect the topic and content of your report. e. Conclusion (90-110 words): Restate the purpose of the report and key issues investigated and the related findings based on your research and analysis. f. Reference list g. Appendices if necessary. 6. Before submitting your assessment, check it against the assessment criteria and the marking rubric included in this brief to ensure that you have satisfactorily addressed all the criteria that will be used to mark your submission. 7. Download the Group Participation Matrix from Assessment 2 Part A section. Use this document to review your group members’ performance in this assessment and to specify their specific contribution made to group work. This Group Participation Matrix document needs to be submitted individually through the Assessment 2 Part A submission link. MIS301_Assessment_2 Part A_ Brief_Case Study Report_Identification of Issue_Module 3.2 Page 3 of 7 Referencing It is essential that you use appropriate APA style for citing and referencing research. Please see more information on referencing here https://library.torrens.edu.au/academicskills/apa/tool Submission Instructions Group submission 1. Each team will submit ONE Microsoft Word document (.doc or .docx) via the Assessment link in the main navigation menu in Blackboard. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades. Peer evaluation – Individual Submission 2. Each individual student is to submit a completed Group Participation Matrix document in the Peer Evaluation submission link. Please submit a peer review correctly, as no submission may result in zero grading for this assessment criteria. Academic Integrity Declaration We declare that except where we have referenced, the work we are submitting for this assessment task is our own work. We have read and are aware of Torrens University Australia Academic Integrity Policy and Procedure viewable online at http://www.torrens.edu.au/policies-and-forms We are aware that we need to keep a copy of all submitted material and their drafts, and we will do so accordingly. https://library.torrens.edu.au/academicskills/apa/tool http://www.torrens.edu.au/policies-and-forms MIS301_Assessment_2 Part A_ Case Study Report_Identification of Issue_Module 3.2 Page 4 of 7
Answered 1 days AfterJul 07, 2021MIS301

Answer To: MIS301 Assessment 2 Case Study Page 1 of 2 MIS301 Cybersecurity Assessment 2 Case Study Global Mall...

Deepti answered on Jul 08 2021
162 Votes
Vulnerabilities & Cybersecurity
Table of Contents
Introduction    1
Information Assets    1
Vulnerabilities and Threats    2
System Misconfiguration and Unpatched software    2
Weak Authorization and authentication    2
Network Vulnerability    2
Unprotected Password    2
Lack of Awareness    3
Conclusion    3
References    3
In
troduction
This report focuses on the security vulnerabilities of the target company GM. The company assets that need protection and may be under security threat are identified. Five main vulnerabilities of the assets are described in detail and the attacks for the business as consequences of the vulnerabilities are highlighted.
The following sections enlist the information assets of the company followed by the five vulnerabilities such as unpatched software, system misconfiguration, weak authentication and authorization, network vulnerability and lack of training and awareness. These vulnerabilities lead to different types of cyberattacks like Denial of Service, insider attack, phishing, password attack, malware, social engineering attack and ransomware. Such vulnerabilities and attacks shall damage the business reputation and affect the confidence of customers in the company. This can potentially lead to loss of customer, loss of sales and thus loss of business. The discussion establishes that the current scenario at GM requires the management to think about cybersecurity and investing appropriately into IT system and its maintenance on high priority.
Information Assets
The chief information assets of GM include hardware, software, network, devices, personnel and the company website. Every part of the organizational structure that processes as well as stores information related to processes, employees and customers re included in assets.
· Hardware Components: USB removable drives and miscellaneous USB devices, BYOD devices like laptops, smartphones, inside connections, Wireless access points, routers, email server, web server, database server, network ports
· Software Components: Mission critical application GM Website, support systems.
· Confidential information including customer information, employee information, transactional data and critical information about the business processes of GM
GM business can face serious repercussions if the assets fall victim to an attack. The company could lose business and revenue, operations will be disrupted or intellectual property could be stolen, GM could face lawsuits and reputational damage. Furthermore, in order to increase customer base, it is crucial for GM to assure its customers for data integrity, availability and confidentiality. Investing in cybersecurity is the need of the hour for GM since it will support company’s growth, save costs and keep cyber attacks at bay with a protection system in place. Incorporating cybersecurity into the company’s DNA will help it in implementing security policies and controls and address threats easily.
Vulnerabilities and Threats
System Misconfiguration and Unpatched software
This vulnerability is identified owing to vulnerable settings of the GM network....
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here