MITS5004 IT SECURITY ASSIGNMENT SAMPLE
Part 1(MITS5004 ASSIGNMENT SAMPLE )
1. News on computer security breaches that occurred during April – August 2015-2018
As increasing the use of the internet and computer in the business environment, it can be seen that an issue is also increasing that is security breaches. It is a kind of illegal and unethical activity in the business and anywhere.
The computer security breaches can be defines as the unethical incident that includes the unauthorized access of data, application, service, network by avoiding and breaking the security mechanism. In this, it can be seen that when a person firm enters in the IT security private and confidential logical IT area or data (Udo et al., 2018).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
In the past 4-5 years, it can be seen that various events happened that affected various companies and their customers. Following are some example of computer security breaches those occurred in April – August 2015-2018
On October 2016, a data security breach case has been seen in the context of Adult Friend Finder that is an adult content website. In this, it is found that hackers have stolen data of the clients of the website.
Hackers have stolen the data from 6 databases of the company that includes the 20 years data of its clients. In the stolen data and information includes the names, email and passwords.
In this, it is also found that most of the passwords were protected from the weak hashing algorithm such as SHA1. Due to this, 99% of the data were checkered that is found by 14 November when leakedsource.com is posted the analysis report (ZD Net, 2016).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
Steve Ragan determine that a researcher that goes from 1×0123 into twitter and search the adult friend from the potential Twitter users and post the screenshot of the password and log in Id.
It was also determined that incident of the access of the data happened and its reason is found in when the audit friend founder use the model. At the same time, it is also found that the vice president of Diana Ballou also said that we have found the error invulnerability and solved this problem that was associated with access source code by an injection.
In the depth analysis of the issue of the security breach, it is found that there was the error in the security system of the databases. It can be a reason that helped the hacker to enter in the database. In the news of CSO Online determined that one skilled and talented IT professional that is also known 1 × 0123 or revolver explored that the weakness of the security of AdultFeiendfinder.com site. Hence, it can be assumed that the hackers might have used these weaknesses to reach into the database of the site (Lore et al., 2016).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
A same kind of issue was also found in the case of Equifax that is one from the largest credit bureaus in the USA that was faced the issue of the computer security breaches in July 2017.http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
In this case, it is found that the hackers have stolen the data and information of 143 million customers that include the birth dates, social security numbers, address and license number of the customers. It also includes the credit card data of 209000 customers. The CEO of the company explored on 7 September 2017 that the company has found application vulnerability that created the issue of the data breach in which data of 147.9 million customers are included.
This incident was found on 29 July but, the company said that the starting of this issue happened at the mid of May (Betz, 2016)
In order to remain safe from these kinds of the security breach attack, it can be recommended that companies that store the data and information of the customers and employees at the large scale they should keep tight security in the current system.
They should follow the strategy as maximizing security controls. At the same time, it is also recommended that companies should also use patches and regular update the security system.
It is because each security system has some pokes that allow the hackers to enter into the database. So that the companies should regularly update and analyze the security system. Moreover, the companies should also use powerful coding and passwords to protect the data and information from the hacker. It is easy for the hacker to creak the easy and weak passwords (Chen et al., 2017).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
2. Asynchronous I/O activity is a problem with many memory protection schemes
In the computer science, asynchronous I/O is a kind processing of the input and output. That is helpful to permits the other devices and process to carry on the process before finishing the process.
However, it is possible that the process of the input and output can be slow as compared to the process of data. An I/O device includes all these tools and equipment that have a strong desire to move further. For example, one hard drive demands the read and write, it is an example of the slow speed as compared to the switching of electric current (Julia dotter and Choo, 2015).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
The process of the Asynchronous I/O start from a simple approach but, the operator has to wait for the completion of the process. This kind of the approach is called synchronous blocking I/O that is able to the stop the progress of the program. It is also able to break the communication between the two processes.
As using the concept of the fence register, the main aim of the operating process is to improve the total capacity that is significant in the multiuser environment where a number of the user are two or more than two.
It creates the problem for the user and analyzer because, in this situation, it is difficult to identify the file where it is loaded in the system. In this, the relocation register solves the problem of by allowing the access of the base starting address. Due to the base address, all the addresses are affected (Cobb et al., 2018). http://MITS5004 IT SECURITY ASSIGNMENT SAMPLEAt the same time, all the addresses are found different from the base address.
Therefore, a variable fence register is called as the base register in the IT process. It is because a fence register is able to provide the access of the lower bound and it makes the distance in accessing the upper bound. However, the knowledge and understanding of the upper site can be helpful to measure the allocated space for the forbidden areas (Warner, 2015).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
In order to mitigate this kind of the problem, the user should add the second register. In this process, the second resister will be called a bound register. It will be helpful to identify the upper bound on the system. In this situation, each program address is a concern to existed base address.
It is because the content of the base address can calculate the total address limit. At the same time, this technique is also helpful to protect the program address from the modification in rare situations by another user. Moreover, it can also be defined that the use of this technique is also helpful for other users to solve issue and problem at the time of when a change can be seen from one user program to another.
In this condition, when execution changes can be seen from one user program to another user program, in this condition, it becomes essential for the operating system to recognize and change the address of the bound and base register. It is helpful to determine the true address space for the user (Thompson et al., 2017).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
Part 2
Report on 2011 Sony play station network outage case
What was the problem?
In 2011, Sony play station outage was the external intrusion. After 7 days shut down, Sony has announced that its Play Station Network was hacked by the unknown hackers. In which, approx.
77 million account details were affected. It was the biggest incident in the history of the cyber attack. During the attack, users were not able to access their accounts on the play station. It was an external intrusion, where users Name, date of birth, Email address, password, security question etc. were exposed.
This attack conducted in between at 17 April to 19 April 2011 that forced Sony to shut its play station for some days. It was the biggest data security breaches in the history where 77 million accounts data were compromised (CNN Business, 2014).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE On 26th April, Sony was committed to restarting its services in a week. This intrusion confirmed that play station security system was not working properly.
It was a security disaster for Sony in which the company found that hackers affected its customers’ data and information. Due to this, Sony has to stop its service for some days. In this intrusion, SOE server and Facebook games were suspended on the system. Each day server was found down. So many other games were also affected by this intrusion.
For example Adventures, DC Universe Online, Ever Quest, Ever Quest II, Ever Quest Online Adventures, Free Realms, Pirates of the Burning Sea, Planeside, Penora, Star Wars Galaxies and Vanguard: Saga of Heroes etc. (Corella et al., 2018).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
Who were Affected and How
In this intrusion, 77 million users account of Sony Play Station were affected that includes users Name, date of birth, Email address, password, Credit card details and Security Question.
Sony Play station network is the one world’s largest credit card holder and this intrusion in Sony Play Station Network affected the overall brand image of the company. It was a threat to Sony and its account holders. But, Sony said that they have no clue about that from which they can identify the hackers.
This intrusion was a result of lack down in the security system of the company (D’Arcy and Greene, 2014). In this, it was found that in play station networks, the security system was too weak and hackers tacked advantage to this weakness of the system and hacked Sony Play Station. On 4th May 2011, Sony confirmed that in this incident, 77 million accounts personal information was exposed by the hackers. Sony said that timing was the difference between the different activities of hackers in this incident.
On 3 May, according to a press conference, Sony confirmed that it was an external intrusion 77 million Sony network users personal information was stolen. This intrusion includes 12,700 credit card numbers. Mostly credit card number had not been in use.
How the attack carried out?
After the 7 days, Sony explored a report in which they announced that the main reason of the outage was activities of hackers. In this, it was seen that the data and information of the user of Sony Play Station were stolen that includes the name, address, number, email, passwords and credit card details.
In this, it is also analyzed that the history of Sony was not good in the context of the security of the data. This time also, hackers have taken the advantage of this situation. In contrast to this, it can be said that the hackers have known about the weakness of the PSN’s security mechanisms and passed the information and data to another group of hackers.
From where there were enough opportunities for the hacker to access the data and information of users of the Sony Play Station. Hence, the attackers might have been taken the step to breach the security of Sony (Thomas et al., 2017).http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
What could have been done to prevent the attack?
From the above discussion, it can be recommended that Sony could use the different strategies to prevent the attack of a hacker on Sony Play Station. In this, it is also found that if Sony was using the appropriate security programs then it could remain safe from the attack of hackers.
It was the simple way for Sony to up to date its software that is helpful in improving the security (Makris’s and Dean, 2018). In regard to this, it could use the SSL, Web application firewall and website and software scanners etc. tools that are helpful to protect the data and information from the hackers. At the same time, it can also be said that Sony could enforce appropriate authentication and passwords that are essential in the context of improving the security of the data and information.
Sony could use the password management system that is a way to improve the information security of the database. Moreover, there are also various companies that provide the third party service to secure the database. If Sony was using the third party service in security then it was possible that it could save from the attack of the hacker in 2011 (Arcuri et al., 2017). http://MITS5004 IT SECURITY ASSIGNMENT SAMPLE
References
Arcuri, M.C., Brogi, M. and Gandolfi, G., 2017. How Does Cyber Crime Affect Firms? The Effect of Information Security Breaches on Stock Returns. In ITASEC (pp. 175-193).
Betz, L., 2016. An Analysis of the Relationship between Security Information Technology Enhancements and Computer Security Breaches and Incidents.
Chen, F., Mac, G. and Gupta, N., 2017. Security features embedded in computer aided design (CAD) solid models for additive manufacturing. Materials & Design, 128, pp.182-194.
CNN Business. 2014. Hackers attack Sony PlayStation Network. [Online] Available at: https://money.cnn.com/2014/08/24/technology/security/sony-playstation-hack/index.html (Assessed: 29-12-2018)
Cobb, C., Sudar, S., Reiter, N., Anderson, R., Roesner, F. and Kohno, T., 2018. Computer security for data collection technologies. Development Engineering, 3, pp.1-11.
Corella, F. and Lewison, K.P., Pomian and Corella LLC, 2018. Protecting passwords and biometrics against back-end security breaches. U.S. Patent 9,887,989.
D’Arcy, J. and Greene, G., 2014. Security culture and the employment relationship as drivers of employees’ security compliance. Information Management & Computer Security, 22(5), pp.474-489.
Juliadotter, N.V. and Choo, K.K.R., 2015. Cloud attack and risk assessment taxonomy. IEEE Cloud Computing, (1), pp.14-20.
Lohrke, F.T., Frownfelter-Lohrke, C. and Ketchen Jr, D.J., 2016. The role of information technology systems in the performance of mergers and acquisitions. Business Horizons, 59(1), pp.7-12.
Makridis, C. and Dean, B., 2018. Measuring the Economic Effects of Data Breaches on Firm Outcomes: Challenges and Opportunities. Available at SSRN 3044726.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., Markov, Y., Comanescu, O., Eranti, V., Moscicki, A. and Margolis, D., 2017, October. Data breaches, phishing, or malware?: Understanding the risks of stolen credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1421-1434). ACM.
Thompson, N., McGill, T.J. and Wang, X., 2017. “Security begins at home”: Determinants of home computer and mobile device security behavior. computers & security, 70, pp.376-391.
Udo, G., Bagchi, K. and Kirs, P., 2018. ANALYSIS OF THE GROWTH OF SECURITY BREACHES: A MULTI-GROWTH MODEL APPROACH. ANALYSIS, 19(4), pp.176-186.
Warner, M., 2015. Notes on the Evolution of Computer Security Policy in the US Government, 1965-2003. IEEE Annals of the History of Computing, 37(2), pp.8-18.
ZD Net. 2016. AdultFriendFinder network hack exposes 412 million accounts. [Online] Available at: https://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/ (Assessed: 29-12-2018)
Know more about UniqueSubmission’s other writing services:
Assignment Writing Help
Essay Writing Help
Dissertation Writing Help
Case Studies Writing Help
MYOB Perdisco Assignment Help
Presentation Assignment Help
Proofreading & Editing Help
