Information security - HND Assignment Help:
The work is being conducted to present a security audit work-plan that can be implemented by BCX, an Internet bitcoin exchange that was started in the year 2013. The hacking of the biggest bitcoin exchange, Mt Gox in 2013 has raised concerns for BCX and hence it aims at evaluating the existing threats to the website to identify and implement adequate measures to manage and mitigate these risks and threats. It has been identified that BCX being an internet based exchange is susceptible to multiple damages and attacks from the hackers, which can be SQL injection, cross-site scripting, insecure authentication management or security Misconfiguration.
These attacks can lead to multiple threats for the exchange that are mainly categorized into six categories, namely spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. Hence, it is the task for BCX to identify these threats and incorporate adequate measures to overcome them. Not only is BCX but even its hosting provider, HotHost1 and the clients and users are also important stakeholders for the exchange and it is crucial for all of them to carry out their tasks adequately to ensure security. Development of web application security architecture, implementation of code standards, control measures and even implementation of employees’ and customers’ rules and regulations are some of the key measures that can help the company in enhancing its overall security against external threats.
The case study is regarding an internet based bitcoin exchange start-up, named BigCoinX, which was started in the year 2013. Following the boom and growth of the bitcoin industry, which involve the transaction of bitcoins, i.e. digital money at extremely low processing fees (Barber et al. 2012), BigCoinX has been found to grow significantly. The company, which is based in Sydney aims at hitting the 3% mark by the end of the year 2014. However, one great concern that has arisen in front of the organization is that of the security of their website and their internet portal that contains all the money and details of the clients. The concern has become even bigger with the hacking of the biggest global bitcoin exchange, Mt Gox, which filed for bankruptcy in March 2013 after $600M bitcoins were stolen from the customers’ accounts. HotHost1 is the hosting provider of the company and the company has contacted HackStop Consulting for better security.
The problem of data and information security is a huge challenge with the use of all technologies and digital environments and devices because the hackers can find different ways of getting inside the secured system and obtain personal and illegal data (Subashini and Kavitha, 2011). There are multiple different ways in which the web site environment of BCX can be compromised by a hacker and the information can be stolen. The various ways in which the hackers can steal the users’ information and can compromise the overall web site environment of the BCX are discussed below.
Hence, the audit work plan and the threat analysis that needs to be done in order to identify the potential threats to the BCX website is discussed further.
Threat analysis is one of the most important steps of the security audit work plan, which includes careful evaluation and examination of the security of the information system used in a website (Canto-Perello et al. 2013). The various tests that need to be carried out and the potential issues that can arise with the security analysis of the website are discussed below.
In order to carry out a threat analysis, the first step that needs to be taken is to understand the system. In order to evaluate the possible threats for the BCX website, the first step is to evaluate the model of the entire system that is used in the website (Canto-Perello et al. 2013). The various applications that are being used, external dependencies of the applications, entry points, assets and data flow are some of the main things that need to be evaluated and identified for the BCX website because all this information would help in determining and identifying the potential threats that can be caused to it (Canto-Perello et al. 2013).
Various aspects of the website that need to be tested in the threat analysis are discussed below.
Entry and exit points: The entry and exit points refer to the entry and exit points for the data into the website. The data that goes in or out of a website face multiple entry and exit points. The input points can face multiple threats and malicious interferences like the injection, overflow of buffers or even cross site scripting. Similarly the possibilities of XSS vulnerabilities are higher at the exit points and hence threat analysis at this point is extremely crucial. Making use of the security control categorization processes and mechanisms can help in identifying and evaluating the possible threats at these points for the website (Ponjavic et al. 2014).
Network: The network that is used for the overall management and hosting of the website also needs to be checked for possible threats. The hackers tend to hack into the network, which allows the transfer of information and data from the network to the hackers. Hence, the threat analysis of the networks involves a complete exploration and study of the attack paths that are related to the same. Complete evaluation would include examining all the inflow and outflow of data and their paths for effective threat management (Rodriguez et al. 2013)
Application Server: Application server manages the authentication of the users, generation of error messages and validation of password etc. for the website. As explained by Wedman et al. (2013), the application server is one of the most attacked point and can lead to multiple threats like spoof authentication, outflow of data to the wrong server etc. Hence, identification of all applications of the server via different techniques like authentication and authorization analysis, cryptography and session management analysis is important.
Installed Security Systems: BCX must have installed multiple security systems in its websites such as firewalls, cookies etc. that restrict and prohibit the entry of malicious elements and unauthorized devices. However, it is crucial to continuously evaluate the effectiveness and outcomes of these security systems to make sure that no unwanted activities take place and that they are working effectively. The hackers have found ways to break into the websites despite these security systems and hence their analysis and upgrades from time to time are extremely important (Wedman et al. 2013).
The various threats that can possibly be observed are highlighted below on the basis of the STRIDE Model:
In order to make sure that the threats are adequately managed, BCX and HotHost 1 need to generate multiple reports and present different deliverables to analyze the potential threats adequately. Risk Likelihood report for each threats, identifying their likelihood and impact is one of the most important measure that needs to be taken. Additional reports include the ASF control report, construction of threat tree and report of the vulnerability assessment test are some of the main deliverables that can help in determining the possibility of occurrence of each threat and can help in eliminating the risks associated with them for better security management of the website (Scandariato et al. 2013).
The evaluation and implementation of security measures in the BCX website are highly dependent on different stakeholders and different practices carried out by them. The stakeholders on whom the task is dependent and their involvement in getting the job done are described below.
BCX: BCX itself is one of the most important stakeholders in the entire process and the job because it is not only responsible but is the stakeholder, who will get most affected by the entire process and any form of security breach. People inside the BCX who need to be interviewed and assessed for the job include the information technology head, the engineer and all other employees of the organization. Some of the critical success factors with respect to BCX include the inclusion and implementation of adequate security practices, regular audits by the employees and even ensuring that the employees do not let out any of the important or crucial information to any outsider (Hovav and Gray, 2014). All these factors are equally important and it is crucial that all the stakeholders within the company carry out their tasks effectively. The owners need to carry out regular audits and keep regular checks on the website and adopt adequate security policies for overall effectiveness.
HackStop Consulting and HotHost1: HotHost1 is the main hosting provider of BCX and hence a key stakeholder in the company. HotHost1 needs to make sure that the hosting server of the website is completely secured and that there are no threats to the company whatsoever. The key account manager handling the BCX account and the engineers at HotHost1 need to be interviewed for examining the security measures that they have installed and for obtaining regular audit reports of the server. Also, since HackStop Consulting has been consulted for the implementation of adequate security measures, it also becomes a key stakeholder. The senior security consultant needs to make sure that he/she identifies the security requirements, existing vulnerabilities and characteristics of the BCX website to make sure that there are no security issues observed for the exchange (Hovav and Gray, 2014).
BCX’s Clients: the clients and customers of BCX are the most important and crucial stakeholders for the job because not only are they responsible for maintaining their own security but are also most likely to get affected by any of the security breaches. The customers of the company must be interviewed because it is important for them to install adequate firewall and other protection in their own computer systems and to ensure that their authentication and login details are not shared with anyone else (Hovav and Gray, 2014).
Hence, for the security audit work plan to be effective, this is the most important measure that needs to be taken by different stakeholders. Thus, on the basis of all these analyses, few recommendations that can help BCX in improving its security practices are discussed below.
The various measures that can be or must be taken by BCX in order to improve its overall security and to prevent any malicious attacks are discussed below.
Hence, these steps and few measures can be of great significance for the company and can help it in improving its security practices. Security is the key to the success of the company and hence these measures can be of great significance.
The study highlights that there are multiple potential security threats and issues that are faced by a company or a website. These threats can lead to multiple problems and challenges for the organizations because they can lead to the misuse of the personal data of the clients. The hackers can attack information of exchanges like BCX in multiple ways and hence carrying out a complete threat analysis and implementing additional security measures can help BCX in keeping the information of its users completely secure.
HND Assignment help is pioneer in the Assignment help services and we offer coursework help with 100% unique content, quality content by adopting required theories & concepts. Our experts have PhD in various fields so that the students can get their assignment with quality work for attain A++ grades in their work. We are having 7 years of experience for offering assignment help for marketing assignment help, management assignment help, economics assignment help, Assignment help for economics, finance assignment help, Accounting assignment help, operation assignment help and others. For assignment help you can contact us at email@example.com
HND Assignment help is leading and most trusted assignment help service providing range of services for the different subjects but the major area of focus for the organization is HND Assignments. HND in the higher national diploma being offered by the various universities across the world and highest number of students pursue their HND from United Kingdom. HND Assignment help is working with the students in UK since last 7 years for helping them in their HND assignments. We provide help for various HND subjects like HND in business management, HND in travel & tourism management, HND in hospitality management, HND in accounting management, HND in human resource management, HND in law and HND in health and social care etc. Our experts have long experience in writing HND Assignments and they themselves are HND holder from the top notch Universities in United Kingdom. So, we are the best place to get your HND assignments. Contact us at firstname.lastname@example.org.
HND in business management offered by the HND Assignment Help offers high quality work for the mandatory as well as optional units such as the work based experience (WBE), employability skills, business ethics, European Business, operation management in business, small business enterprise, Quality management in business, internet marketing, human resource development, managing human resource, human resource management, advertising and promotion in business, Managing communication, knowledge and information (MCKI), Managing business activities to achieve results (MBAAR), Working with and leading people (WWLP), Personal and professional development (PPD), Research project (RP), Business strategy, Business decision making, marketing principle, Organization and behavior, Managing financial resources and decisions (MFRD) and Business environment.
HND Assignment help offered for the Health and social care would include 100% unique content and high quality content based on the given specific case study for the healthcare context. Every unit of the health and social care would consider specific case scenario which would be answered keeping in mind the HND requirements. HND in health and social care help offered by HND assignment help would include help on various mandatory and optional units such as PPD in health and social care, Health & safety in HSC, Communication in HSC, Understanding specific needs in HSC, The role of public health in HSC, Empowering users in HSC and Research project in HSC etc. So contact us at www.hndassignmenthelp.com, www.hndassignmenthelp.co.uk and www.hndassignmenthelp.com.au.
List of latest assignments offered by HND Assignment Help are as under:
For HND hospitality management, we offer assignment help for cultural and heritage tourism assignment wherein experts would provide quality solution. Research project help is being offered for the students to accomplish A++ quality projects for them. We have experts for providing case study assignments for organizations such as Emirates Airline along with the dissertation projects on such organizations. Hospitality assignments are major offerings for HND Assignment help as we are known for quality hospitality assignments. Unit 3 organizational behavior assignment help is offered by HND Assignment help in order to allow students for accomplishing their assignment with cheap prices.
A range of subjects and streams are being offered by the HND Assignment Help team and some of them includes below mentioned:
The Above mentioned assignment help services offered by the HND Assignment Help Company comes with the high quality content, 100% plagiarism free content, on time delivery, discounted price, 24*7 availability, award winning customer service and unlimited feedback for the assignments. Our experts are ready to help with your homework at cheap cost so that you can save on your money and get best quality help always. Contact us at email@example.com or www.hndassignmenthelp.co.uk