Cyber Threat Intelligence - CTEC5802
Added on 2022-11-12
19 Pages3969 Words436 Views
Running head: CYBER THREAT INTELLIGENCE
CYBER THREAT INTELLIGENCE- CTEC5802
Name of the Student
Name of the University
Author Note
CYBER THREAT INTELLIGENCE- CTEC5802
Name of the Student
Name of the University
Author Note
1CYBER THREAT INTELLIGENCE
Table of Contents
Stage1: Case articulation.................................................................................................................2
Task1: About the case study........................................................................................................2
Task 2: High level security architecture......................................................................................4
Stage2: Threat analysis and risk assessment...................................................................................4
Task 3: Risk assessment of architecture and system...................................................................4
Risk matrix...................................................................................................................................7
Task 4: Summary and recommendations.....................................................................................7
Stage 3: Psychological motivations.................................................................................................9
Task 5: Explanation of the attack................................................................................................9
Stage 4: Security assurance architecture........................................................................................11
Task 6: security assurance architecture.....................................................................................11
Explanation of the security assurance architecture components...............................................12
Task 7: Security policies............................................................................................................13
Bibliography..................................................................................................................................15
Table of Contents
Stage1: Case articulation.................................................................................................................2
Task1: About the case study........................................................................................................2
Task 2: High level security architecture......................................................................................4
Stage2: Threat analysis and risk assessment...................................................................................4
Task 3: Risk assessment of architecture and system...................................................................4
Risk matrix...................................................................................................................................7
Task 4: Summary and recommendations.....................................................................................7
Stage 3: Psychological motivations.................................................................................................9
Task 5: Explanation of the attack................................................................................................9
Stage 4: Security assurance architecture........................................................................................11
Task 6: security assurance architecture.....................................................................................11
Explanation of the security assurance architecture components...............................................12
Task 7: Security policies............................................................................................................13
Bibliography..................................................................................................................................15
2CYBER THREAT INTELLIGENCE
Stage1: Case articulation
Task1: About the case study
Staysure.co.uk limited is on holiday insurance company that has been financed
with€175,000 by the ICO and IT security failings. The hackers got the access to over customer
records and this caused huge harm towards the customers. This breach caused to more than 5000
customers to get attacked in fraud stars. The data and details of credit card of 5000 customers got
hacked. The main aim of the organization was to provide better insurance facility towards the
customers. However the organization failed to maintain security within the system. This leads to
impacting the performance of the organization and also caused data breach. The organization
offers different multiple insurance products. This mainly includes insurance related to holiday,
health, home, car insurance, travel and life. As the organization offers Facility in different
directions thus it becomes important to ensure that the data stored within the organization are
protected from hackers. However the organization failed tremendously that caused a huge loss
towards the organization .In 2013 the main application server of the organization that is JBoss
application was detected with an attack that lead to huge amount of data breach. This affected
many people and also the economy of the company. The attacker injected malicious JavaScript
within the web page so that they can gain the control over the website. This further lead to
opening the server that stored data associated with each customer of the organization .However
this was not the first time when the attackers try to get over the customers data of this
organization earlier in the year 2010 the same vulnerability was being predicted by the
employees. At that time the organization ensure that proper steps will be taken for maintaining
the safety of data.
Stage1: Case articulation
Task1: About the case study
Staysure.co.uk limited is on holiday insurance company that has been financed
with€175,000 by the ICO and IT security failings. The hackers got the access to over customer
records and this caused huge harm towards the customers. This breach caused to more than 5000
customers to get attacked in fraud stars. The data and details of credit card of 5000 customers got
hacked. The main aim of the organization was to provide better insurance facility towards the
customers. However the organization failed to maintain security within the system. This leads to
impacting the performance of the organization and also caused data breach. The organization
offers different multiple insurance products. This mainly includes insurance related to holiday,
health, home, car insurance, travel and life. As the organization offers Facility in different
directions thus it becomes important to ensure that the data stored within the organization are
protected from hackers. However the organization failed tremendously that caused a huge loss
towards the organization .In 2013 the main application server of the organization that is JBoss
application was detected with an attack that lead to huge amount of data breach. This affected
many people and also the economy of the company. The attacker injected malicious JavaScript
within the web page so that they can gain the control over the website. This further lead to
opening the server that stored data associated with each customer of the organization .However
this was not the first time when the attackers try to get over the customers data of this
organization earlier in the year 2010 the same vulnerability was being predicted by the
employees. At that time the organization ensure that proper steps will be taken for maintaining
the safety of data.
3CYBER THREAT INTELLIGENCE
Which time it has been of served that the organization failed to protect their organization
from hackers and the vulnerability lead to impacting thousands of people. Moreover the
organization did not take any serious measures for implementing new updates that can protect
their main application server. From the case study it has been object that at the time of attack the
system contained around 3 million customer records. These records had confidential data related
to the customers including bank details. Apart from this earlier the organization even used the
card details without encryption. However after identifying the vulnerability in 2010, the
organization ensured that proper encryption is maintained for the card details.
Apart from all this the newly developed system by the organization ensured that there is
no need to have card data. The organization ensured that all the card details are being removed
from the system for insuring better safety of the customers. However they continued to store
them CVV of each card for future reference. Based on the data protection act it is important to
ensure that every organization is able to maintain their customers confidentiality. In case any
organization fails to maintain confidentiality towards the customers details then they need to pay
high penalty. Similarly in this case ICO charged the organization with €175,000 as they failed
tremendously to maintain the confidentiality of customers details. Thus from the case study it
can be stated that there is a high need to implement infrastructure that will protect the
organization from further breaches.
Which time it has been of served that the organization failed to protect their organization
from hackers and the vulnerability lead to impacting thousands of people. Moreover the
organization did not take any serious measures for implementing new updates that can protect
their main application server. From the case study it has been object that at the time of attack the
system contained around 3 million customer records. These records had confidential data related
to the customers including bank details. Apart from this earlier the organization even used the
card details without encryption. However after identifying the vulnerability in 2010, the
organization ensured that proper encryption is maintained for the card details.
Apart from all this the newly developed system by the organization ensured that there is
no need to have card data. The organization ensured that all the card details are being removed
from the system for insuring better safety of the customers. However they continued to store
them CVV of each card for future reference. Based on the data protection act it is important to
ensure that every organization is able to maintain their customers confidentiality. In case any
organization fails to maintain confidentiality towards the customers details then they need to pay
high penalty. Similarly in this case ICO charged the organization with €175,000 as they failed
tremendously to maintain the confidentiality of customers details. Thus from the case study it
can be stated that there is a high need to implement infrastructure that will protect the
organization from further breaches.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Cyber Breach at Staysure.co.uk Ltd: A Case Studylg...
|22
|5741
|160
Cyber Security Assignment | Security Breachlg...
|10
|1891
|117
Network Security Threats and Control Measures for Open University Malaysialg...
|10
|3121
|88
JP Morgan Data Breachlg...
|5
|722
|96
Network Security: Protecting the Integrity and Usability of Networking Services and Datalg...
|25
|1420
|50
IT Security Challenges in Organizationslg...
|8
|1966
|27