Information security – HND Assignment Help

Information security – HND Assignment Help



Information security – HND Assignment Help





Information security – HND Assignment Help:

Information security


Executive Summary



The work is being conducted to present a security audit work-plan that can be implemented by BCX, an Internet bitcoin exchange that was started in the year 2013. The hacking of the biggest bitcoin exchange, Mt Gox in 2013 has raised concerns for BCX and hence it aims at evaluating the existing threats to the website to identify and implement adequate measures to manage and mitigate these risks and threats. It has been identified that BCX being an internet based exchange is susceptible to multiple damages and attacks from the hackers, which can be SQL injection, cross-site scripting, insecure authentication management or security Misconfiguration.

These attacks can lead to multiple threats for the exchange that are mainly categorized into six categories, namely spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. Hence, it is the task for BCX to identify these threats and incorporate adequate measures to overcome them. Not only is BCX but even its hosting provider, HotHost1 and the clients and users are also important stakeholders for the exchange and it is crucial for all of them to carry out their tasks adequately to ensure security. Development of web application security architecture, implementation of code standards, control measures and even implementation of employees’ and customers’ rules and regulations are some of the key measures that can help the company in enhancing its overall security against external threats.

images (18)

Contents









Background and Problem Analysis


The case study is regarding an internet based bitcoin exchange start-up, named BigCoinX, which was started in the year 2013. Following the boom and growth of the bitcoin industry, which involve the transaction of bitcoins, i.e. digital money at extremely low processing fees (Barber et al. 2012), BigCoinX has been found to grow significantly. The company, which is based in Sydney aims at hitting the 3% mark by the end of the year 2014. However, one great concern that has arisen in front of the organization is that of the security of their website and their internet portal that contains all the money and details of the clients. The concern has become even bigger with the hacking of the biggest global bitcoin exchange, Mt Gox, which filed for bankruptcy in March 2013 after $600M bitcoins were stolen from the customers’ accounts. HotHost1 is the hosting provider of the company and the company has contacted HackStop Consulting for better security.

The problem of data and information security is a huge challenge with the use of all technologies and digital environments and devices because the hackers can find different ways of getting inside the secured system and obtain personal and illegal data (Subashini and Kavitha, 2011). There are multiple different ways in which the web site environment of BCX can be compromised by a hacker and the information can be stolen. The various ways in which the hackers can steal the users’ information and can compromise the overall web site environment of the BCX are discussed below.

  • Injection: This is one of the most commonly used ways of hacking a website, wherein different software injection flaws occur because of the sending of un-trusted data or information into the interpreter as a specific query. SQL, LDAP and OS are some of the commonly injected queries into the website that lead to compromise of the personal information (Valuer et al. 2005).

  • Cross-Site Scripting (XSS): the hackers can also obtain the information of the users from the BCX data via cross-site scripting, in which the browsers in which the website is used can allow the hackers to hijack all the activities that are done on the browser or can even refer them to other websites from where the data can be illegally obtained (Williams and Stallings, 2006).

  • Insecure Authentication Management: Williams and Stallings (2006) explain that the compromise of websites via hackers can often take place when the authentication management of the websites is not managed adequately. Thus, if the authentication management system of BCX is not working appropriately, it can allow the hackers to make use of the broken links and enter the site without having valid authentication.

  • Insecure Direct Object References: The hackers can even compromise the secured web environment of BCX via the usage of insecure direct object references, in which a reference in the website, such as the URL is exposed to any form of implementation object such as the database key. Huang et al. (2003) take the example of Citibank and explains that simple changes in the parameters that are used in the URL of the website can also cause security and authentication issues.

  • Security Misconfiguration: in these cases, the hackers directly attack the database servers or the internet networks. Kahate (2013) explains that if a website does not install security systems at each steps and each of these networks and servers, unauthorized entries can lead to compromise in the users’ data and information.

Hence, the audit work plan and the threat analysis that needs to be done in order to identify the potential threats to the BCX website is discussed further.

Threat Analysis


Threat analysis is one of the most important steps of the security audit work plan, which includes careful evaluation and examination of the security of the information system used in a website (Canto-Perello et al. 2013). The various tests that need to be carried out and the potential issues that can arise with the security analysis of the website are discussed below.

In order to carry out a threat analysis, the first step that needs to be taken is to understand the system. In order to evaluate the possible threats for the BCX website, the first step is to evaluate the model of the entire system that is used in the website  (Canto-Perello et al. 2013). The various applications that are being used, external dependencies of the applications, entry points, assets and data flow are some of the main things that need to be evaluated and identified for the BCX website because all this information would help in determining and identifying the potential threats that can be caused to it  (Canto-Perello et al. 2013).

Various aspects of the website that need to be tested in the threat analysis are discussed below.

Entry and exit points: The entry and exit points refer to the entry and exit points for the data into the website. The data that goes in or out of a website face multiple entry and exit points. The input points can face multiple threats and malicious interferences like the injection, overflow of buffers or even cross site scripting. Similarly the possibilities of XSS vulnerabilities are higher at the exit points and hence threat analysis at this point is extremely crucial. Making use of the security control categorization processes and mechanisms can help in identifying and evaluating the possible threats at these points for the website (Ponjavic et al. 2014).Organizations and behaviour-4

Tourist destinations-8


Network: The network that is used for the overall management and hosting of the website also needs to be checked for possible threats. The hackers tend to hack into the network, which allows the transfer of information and data from the network to the hackers. Hence, the threat analysis of the networks involves a complete exploration and study of the attack paths that are related to the same. Complete evaluation would include examining all the inflow and outflow of data and their paths for effective threat management (Rodriguez et al. 2013)

Application Server: Application server manages the authentication of the users, generation of error messages and validation of password etc. for the website. As explained by Wedman et al. (2013), the application server is one of the most attacked point and can lead to multiple threats like spoof authentication, outflow of data to the wrong server etc. Hence, identification of all applications of the server via different techniques like authentication and authorization analysis, cryptography and session management analysis is important.

Installed Security Systems: BCX must have installed multiple security systems in its websites such as firewalls, cookies etc. that restrict and prohibit the entry of malicious elements and unauthorized devices. However, it is crucial to continuously evaluate the effectiveness and outcomes of these security systems to make sure that no unwanted activities take place and that they are working effectively. The hackers have found ways to break into the websites despite these security systems and hence their analysis and upgrades from time to time are extremely important (Wedman et al. 2013).

The various threats that can possibly be observed are highlighted below on the basis of the STRIDE Model:

  • Spoofing: Spoofing is one of the biggest threats that is caused due to inadequate authentication. Threats like illegal certificates, lack of authentication mechanism, cracking of passwords, insecure default password and lack of session timeout are some of the major problems that are observed in a website. Some of the countermeasures that BCX and HotHost1 need to take are the encryption of authentication tokens, use of trusted server authentication, use of salted hashes for storing passwords and implementation of strong password policies. The deliverables at this stage include the generation of reports of unsuccessful logins etc (Shostack, 2014).Understanding people in organisations

  • Tampering: This includes tampering with data, which can include tampering with the browsers’ data, modification of messages sent or received or the wrong display of data. Use of message authentication codes, encryption algorithms and error encoding are some of the countermeasures that can help in tackling these threats. Carrying out a vulnerability assessment report of the website and network is important at this stage (Shostack, 2014).

  • Repudiation: These threats are caused when the transactions are not monitored or no signature is used for validating the transactions. Shostack (2014) explains that the maintenance of inadequate log records is one of the major factors responsible for repudiation threats. Some of the ways in which these threats can be managed are to install cookies that expire, re-authentication at every step of the transactions and even encryption of the authentication cookies. The key deliverable at this stage includes the log reports, which need to be regularly updated (Scandariato et al. 2013).

  • Information Disclosure: Scandariato et al. (2013) explain that hackers have found ways in which they obtain the sensitive information from the users by either redirecting them to a malicious websites or by taking screenshots or via the temporary files stores on the computers of the users. Thus, the passwords of the users must not be logged and access controls must be reinforced at each step for complete security.

  • Denial of Service: Blocks in networks or overloading the channels can lead to crashing of websites, wherein the users are not able to use their accounts or the website. Hence, BCX must take adequate measures of filtering and throttling to avoid the same. (Scandariato et al. 2013)

In order to make sure that the threats are adequately managed, BCX and HotHost 1 need to generate multiple reports and present different deliverables to analyze the potential threats adequately. Risk Likelihood report for each threats, identifying their likelihood and impact is one of the most important measure that needs to be taken. Additional reports include the ASF control report, construction of threat tree and report of the vulnerability assessment test are some of the main deliverables that can help in determining the possibility of occurrence of each threat and can help in eliminating the risks associated with them for better security management of the website (Scandariato et al. 2013).Heritage cultural tourism management -3


Dependencies and critical Success Factors


The evaluation and implementation of security measures in the BCX website are highly dependent on different stakeholders and different practices carried out by them. The stakeholders on whom the task is dependent and their involvement in getting the job done are described below.

BCX: BCX itself is one of the most important stakeholders in the entire process and the job because it is not only responsible but is the stakeholder, who will get most affected by the entire process and any form of security breach. People inside the BCX who need to be interviewed and assessed for the job include the information technology head, the engineer and all other employees of the organization. Some of the critical success factors with respect to BCX include the inclusion and implementation of adequate security practices, regular audits by the employees and even ensuring that the employees do not let out any of the important or crucial information to any outsider (Hovav and Gray, 2014). All these factors are equally important and it is crucial that all the stakeholders within the company carry out their tasks effectively. The owners need to carry out regular audits and keep regular checks on the website and adopt adequate security policies for overall effectiveness.

HackStop Consulting and HotHost1: HotHost1 is the main hosting provider of BCX and hence a key stakeholder in the company. HotHost1 needs to make sure that the hosting server of the website is completely secured and that there are no threats to the company whatsoever. The key account manager handling the BCX account and the engineers at HotHost1 need to be interviewed for examining the security measures that they have installed and for obtaining regular audit reports of the server. Also, since HackStop Consulting has been consulted for the implementation of adequate security measures, it also becomes a key stakeholder. The senior security consultant needs to make sure that he/she identifies the security requirements, existing vulnerabilities and characteristics of the BCX website to make sure that there are no security issues observed for the exchange (Hovav and Gray, 2014).

BCX’s Clients: the clients and customers of BCX are the most important and crucial stakeholders for the job because not only are they responsible for maintaining their own security but are also most likely to get affected by any of the security breaches. The customers of the company must be interviewed because it is important for them to install adequate firewall and other protection in their own computer systems and to ensure that their authentication and login details are not shared with anyone else (Hovav and Gray, 2014).

Hence, for the security audit work plan to be effective, this is the most important measure that needs to be taken by different stakeholders. Thus, on the basis of all these analyses, few recommendations that can help BCX in improving its security practices are discussed below.

Recommendations


The various measures that can be or must be taken by BCX in order to improve its overall security and to prevent any malicious attacks are discussed below.

  • Defining the Secure Coding Standards: Assuming that BCX currently adopts security measures that there are no coding standards that are followed by the developers or the engineers, the company must focus on defining practical and safe standards for secure coding (Peltier, 2013). These standards must clearly identify and define the procedures that need to be followed for the security measures. Validation of the input parameters that go inside the website is one of the most important practices that needs to be standardized. In addition to that, the company also needs to develop a central module for ensuring safety in all the operations, need to implement control over the HTTP headers that are used for higher security, need to establish standards and control for encryption of the web pages and information and also need to set standards for the authentication mechanisms and modules (Peltier, 2013). These standards and coding requirements can act as directions and benchmarks for the programmers and they can work effectively to ensure that the adopted practices comply with all these requirements.

  • Development of a Web Application Security Architecture: The company must develop a complete web application security architecture to ensure protection of the website and the application being provided to the clients. The architecture must include a total of three tiers, which segregates so that in-depth protection can be achieved from any external element because of addition of the multiple layers that are added in the security. Some of the major elements that are included in these multiple layers of security include the database layer abstraction, firewalls on the website, encryption of data, OS hardening etc (Gubbi et al. 2013). Vacca (2013) explains that the addition of so many layers helps in making sure that no security breaches take place. BCX must hence develop and implement complete web application security architecture to make sure that no problems or challenges related to any of the website systems or application arise.

  • Testing Standards and Audits: BCX also needs to develop and adopt adequate testing standards that can help in carrying out regular tests or audits of the systems or technologies that are implemented. Regular system tests, unit tests and even function tests need to be carried out to make sure that the systems of the website are working adequately without any problem. The review of the entire code system and the overall audit and testing of the security system is important and can help the company in making sure that no security threats are happening. As suggested by Vacca (2013), BCX can also develop specific checklists for evaluating different aspects of the website and security to ensure complete safety.

  • Introduce Security Policies for the employees and Clients: BCX must also make sure that it implements adequate policies for its employees to ensure safety. The company must develop policies and regulations that oblige the employees to ensure safety and security of the exchange and confidential information. Such policies ensure that the employees do not share the confidential and private information of the companies or any of the customers with any unauthorized person. In addition, the development and establishment of strong policies for the customers is also important. The password generation policies of the customers must be extremely strong to make sure that the clients generate strong passwords that cannot be hacked. (Vacca, 2013)

  • Internal Hosting of the Exchange: BCX can also take control of the hosting of the website internally. It can provide secured browser or software to the clients instead of hosting it as a website on regular browsers. This can help in protecting any the website and the clients’ or users’ information from any form of external threat that are caused via the browsers and via the unsecured transfer and exchange of data from the web browsers.

Hence, these steps and few measures can be of great significance for the company and can help it in improving its security practices. Security is the key to the success of the company and hence these measures can be of great significance.

Conclusion


The study highlights that there are multiple potential security threats and issues that are faced by a company or a website. These threats can lead to multiple problems and challenges for the organizations because they can lead to the misuse of the personal data of the clients. The hackers can attack information of exchanges like BCX in multiple ways and hence carrying out a complete threat analysis and implementing additional security measures can help BCX in keeping the information of its users completely secure.

HND Assignment help is pioneer in the Assignment help services and we offer coursework help with 100% unique content, quality content by adopting required theories & concepts. Our experts have PhD in various fields so that the students can get their assignment with quality work for attain A++ grades in their work. We are having 7 years of experience for offering assignment help for marketing assignment helpmanagement assignment helpeconomics assignment helpAssignment help for economics,  finance assignment helpAccounting assignment help, operation assignment help and others. For assignment help you can contact us at hndassignmenthelp@gmail.com

HND Assignment help is leading and most trusted assignment help service providing range of services for the different subjects but the major area of focus for the organization is HND Assignments. HND in the higher national diploma being offered by the various universities across the world and highest number of students pursue their HND from United KingdomHND Assignment help is working with the students in UK since last 7 years for helping them in their HND assignments. We provide help for various HND subjects like HND in business managementHND in travel & tourism managementHND in hospitality managementHND in accounting managementHND in human resource managementHND in law and HND in health and social care etc. Our experts have long experience in writing HND Assignments and they themselves are HND holder from the top notch Universities in United Kingdom. So, we are the best place to get your HND assignments. Contact us at hndassignmenthelp@gmail.com.

HND in business management offered by the HND Assignment Help offers high quality work for the mandatory as well as optional units such as the work based experience (WBE)employability skillsbusiness ethicsEuropean Businessoperation management in businesssmall business enterpriseQuality management in businessinternet marketinghuman resource developmentmanaging human resourcehuman resource managementadvertising and promotion in businessManaging communication, knowledge and information (MCKI)Managing business activities to achieve results (MBAAR)Working with and leading people (WWLP)Personal and professional development (PPD)Research project (RP)Business strategy, Business decision makingmarketing principleOrganization and behaviorManaging financial resources and decisions (MFRD) and Business environment.  

HND Assignment help offered for the Health and social care would include 100% unique content and high quality content based on the given specific case study for the healthcare context. Every unit of the health and social care would consider specific case scenario which would be answered keeping in mind the HND requirements. HND in health and social care help offered by HND assignment help would include help on various mandatory and optional units such as PPD in health and social careHealth & safety in HSCCommunication in HSCUnderstanding specific needs in HSCThe role of public health in HSCEmpowering users in HSC and Research project in HSC etc. So contact us at www.hndassignmenthelp.comwww.hndassignmenthelp.co.uk and www.hndassignmenthelp.com.au.

List of latest assignments offered by HND Assignment Help are as under:

For HND hospitality management, we offer assignment help for cultural and heritage tourism assignment wherein experts would provide quality solution. Research project help is being offered for the students to accomplish A++ quality projects for them. We have experts for providing case study assignments for organizations such as Emirates Airline along with the dissertation projects on such organizations. Hospitality assignments are major offerings for HND Assignment help as we are known for quality hospitality assignments. Unit 3 organizational behavior assignment help is offered by HND Assignment help in order to allow students for accomplishing their assignment with cheap prices.

A range of subjects and streams are being offered by the HND Assignment Help team and some of them includes below mentioned:

  1. ERP Assignment Help

  2. Nursing and midwifery practice assignment help

  3. Essay writing help

  4. Business strategy assignment help

  5. Business strategy help

  6. Business environment assignment help

  7. HND business environment assignment

  8. Academic performance international students

  9. Business process organizational design assignment

  10. Marketing principle assignment help

  11. Human resource assignment help

  12. Heritage and cultural tourism assignment help

  13. Contemporary issues in tourism

  14. Tour operations management assignment help

  15. Online assignment help

  16. Software engineering assignment help

  17. Human resource in service industry assignment help

  18. Tour operations management assignment help

  19. Website design assignment help

  20. Cognitive inquiry sequence assignment help

  21. Organizational strategy leadership assignment help

  22. Literature review assignment help

  23. Marketing principle assignment

  24. Travel and tourism assignment help

  25. PPD Assignment Help

  26. Advertising and promotion in business assignment help

  27. Research project help

  28. Effective organizational structure assignment help

  29. Leadership strategies change assignment help

  30. Advertising assignment help for HND

The Above mentioned assignment help services offered by the HND Assignment Help Company comes with the high quality content, 100% plagiarism free content, on time delivery, discounted price, 24*7 availability, award winning customer service and unlimited feedback for the assignments. Our experts are ready to help with your homework at cheap cost so that you can save on your money and get best quality help always. Contact us at hndassignmenthelp@gmail.com or www.hndassignmenthelp.co.uk


Comments