Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

INFORMATION SECURITY MANAGEMENT.

Verified

Added on 2023/03/30

AI Summary

please check the report specifications then make the report. I have selected the Main concept is Use of External cloud Providers for essential business Services like Storage, email or web application hosting. The main topic is on Information Infrastructure These application users can access the files and folders at any time from several interfaces, including the web, desktop, and mobile users also, or through others third-party applications connected to Dropbox Application. Dropbox data breach in the year of 2012, more than 68 millions users email id and password were for sale on the darknet marketplace and price is similar to one Bitcoin. - In the year of 2012 Dropbox was using cloud service. In which all the data were store into that cloud-based service. You are making report on this problem.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
Name of the Student
Name of the University
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1INFORMATION SECURITY MANAGEMENT
Abstract
Data breach took place in the year 2012 where 68 million user email id along with password was
on sale. The whole thing was established on the darkest of the marketplace, which is very much
similar to one bitcoin value. The organization aims to store most of its vital data on Dropbox
platform. It merely hacked around 68 million account details which were leaked from the online
platform.

2INFORMATION SECURITY MANAGEMENT
Table of Contents
Introduction..........................................................................................................................3
Discussion............................................................................................................................3
Issues in Dropbox............................................................................................................3
Identified Threats to the information Assets...................................................................4
Aspect to organization Information System....................................................................4
Vulnerabilities can be exploited......................................................................................6
Information Security goals..............................................................................................6
Organization encountering similar kind of issue or attack..............................................7
Information Security Control...........................................................................................8
Conclusion...........................................................................................................................8
Recommendation.................................................................................................................9
References..........................................................................................................................11

3INFORMATION SECURITY MANAGEMENT
Introduction
The following report is all about Dropbox organization, which is a multi-national firm.
The headquarters of this organization is located in San Francisco, CA 94107. The organization
comes up with more than 540 million users on worldwide platform(Thomas et al., 2017). In this
application, user can easily access the required files and folder from any given location at any
given time from various interfaces (Mozumder et al., 2017). It is merely inclusive of web
desktop and mobile user or even by making use of third party based application that is connected
to this Dropbox application. Hackers obtained the data from the online storage, which is known
to be data breach of 2012 (Patil, 2018). Dropbox has assured that the breach has taken place aims
to potential force the option of password reset. It is mainly done through initial announcement
for analysing the overall number of affected users.
In the coming pages of the report, an idea has been provided concerning issues in
Dropbox data breach. After that, identification of threats has been made for the information
assets. A list of information assets that are vulnerable has been discussed. An explanation has
been provided concerning information security goals which might be compromised. The last
section of the report deals with control against this kind of security breach.
Discussion
Issues in Dropbox
At the time of hacking, the required files are selected are completely obtained by the help
of sources in the whole of the database trading community. The breach notification services
resulted in leak base where motherboard found around the files of 5 GB (Tayan, 2017). It
comprises of huge amount of accounts that comprises of email addresses and password for the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4INFORMATION SECURITY MANAGEMENT
user of Dropbox. Out of the 68 million of user data, around 32 million passwords are completely
secured by making use of string hash key function that is “BCrypt”. It merely makes it difficult
for the hacker so that they can gain access to the actual password. The complete password is
secured by making use of SHA hashing algorithm (Haddadi et al., 2015). The password hashes
are believed to come up with a salt which is a random process of adding string. It is mainly for
hashing function for providing strength to the password so that it becomes difficult for hackers
for cracking them (Huh et al., 2017). In the year 2012, Dropbox disclosed the whole idea of idea
breach which notified the user that one of the employee passwords was completely acquired. It
can be easily stated as disclosure of data breach which notified the users (Mozumder et al.,
2017). In this particular attack, one of the passwords of the employees were acquired and was
used in accessing file with user email addresses. The organization did not disclose the things
which are needed by hackers forpilfering the passwords.
Identified Threats to the Information Assets
Drop sent out emails by altering their user, which has a large chunk of user that has
credential which was obtained in the year 2012 data breach. It might soon become the dark web
of marketplace (Huh et al., 2017). The whole thing prompting them to would make changes in
the password if the changes were not done in the mid of 2012. The security team of Dropbox was
looking for new kind of threat for the users. As a result of ongoing efforts, the earlier set of
Dropbox user’s credentials like email address and password comes into picture. The organization
suggested that all the required credential were related to the incident which was disclosed in the
given time (Botha, Grobler & Eloff, 2017). Dropbox is known to be latest join of some of mega
breaches that have taken place. The whole thing has come into picture as a result of millions of
credentials which has come into picture from the old data breaches (Botha, Grobler & Eloff,

5INFORMATION SECURITY MANAGEMENT
2017). Some of the popular networking sites like LinkedIn, my space and Tumblr are sold on this
dark web.
Aspect of organization Information System
The whole idea of cloud computing is changing the electronic-based services which
require shape for researcher end. Dropbox is known to be first application of this kind that is
known on global platform with first version that is dating back on the year 2008 (Soliman, 2019).
The main notion is all about analysing the security and privacy of Dropbox who two of main
cloud storages are made available in the market. It is very much important in having an
understanding with respect to how storages work on the system so that they can create a solid
base(Brekalo, Strackx & Piessens, 2016). It mainly helps them in having an understanding with
respect to certain factors which affect the overall security.
Dropbox aims to provide free account that comes up with a capacity of 2GB space, and
pro account has space of around 1 TB of space. It is merely inclusive of windows, Linux and
Apple devices (Mohmmed & Osman, 2017). It merely makes use of delta encoding and helps the
user to easily share their folder. The service register comes up with a history of changes that are
made in the last months along the user to easily recover from the older version or deleted
files(Mohmmed & Osman, 2017). The communication makes use of SSL protocol, which is
needed for data encryption in the server by making use of AES 256. In the given security
clauses, it also highlights the special mobile client which is compatible with the transmission of
the data (Brekalo, Strackx & Piessens, 2016). It is mainly done so that there can be instances in
which certain number of information are not encrypted.
They are considering the fact that Dropbox is completely adhered concerning SAFE Port
Act. They aim to put much of emphasis on idea that only staff members can have an easy access

6INFORMATION SECURITY MANAGEMENT
to the data in some of the given condition (Duncan, 2019). Dropbox comes up with an easy kind
of access to the information which is completely stored by the user on the platform. The
communication protocol that is being used is protected by the help of TLS where the Dropbox
itself receive the password (Schlicher, MacIntyre & Abercrombie, 2016). It does not receive any
kind of hash or other associated function. If there is any kind of compromising concerning
Dropbox, then proper password can be obtained from the new user.
Vulnerabilities can be exploited
Data breach attack at Dropbox takes place in the year 2012. The organization makes use
of collection of user email address that has been completely stolen. It does not provide any kind
of report for password which has been stolen(Dhasarathan, Thirumal & Ponnurangam, 2015).
Dropbox aims send out notification for list user who has change the password in the year 2012
The organization comes up with 100m customer at the very time which represent around two-
third of the account. Dropbox aims to practice good user data security practices that aims to
encrypt the password(Treacy & McCaffery, 2016).. The whole thing comes up with process of
encrypting from SHA1 for a new secure standard known to be bcrypt.
Dropbox indicate certain number of representative which can make use of secret phrases
that are hacked from some other site. It is considered to be main reason for the rupture of 2012
rupture. The data breach comes into picture as a result of reuse of password from the side of
Dropbox employees, which has been used in LinkedIn. There is large number of professionals
social networks which suffered from breach. It mainly revealed the password that allows hackers
to easily get into the Dropbox corporate network (Schlicher, MacIntyre & Abercrombie, 2016). It
is from the mere location from which they can easily gain access to user database along with
password which was encrypted and easily salted. The latter practice of adding up a random string

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7INFORMATION SECURITY MANAGEMENT
of given characters which are used at the time of encryption (Astani & Ready, 2016). The whole
thing is all about adding up string of characters that is used at the time of encryption which
makes it difficult for decrypting.
Dropbox corporation aims to reset the password of user at the same instance, but
organization failed to address the number. Hackers aim to highlight the overall need for security
at both ends that is user (Dhasarathan, Thirumal & Ponnurangam, 2015). This particular aspect
has come into picture as a result of use of strong password and two-step authentication. The
whole thing has come into picture as a result of securing the password of user. Dropbox fell foul
for password for complete reuse and entry into the network of the organization.
Information Security goals
Information security is known to be as one of the important areas for supporting business
goals and overall objectives. It has ultimately become an important aspect where both IT and
business staff in Dropbox which has become a security guard (Anderson, Skare, & Dorroll,
2018). CIA triad is known to be information security or even cyber-security which stands for
availability, integrity and confidentiality. Availability is all about analysing the required
information which is made at the time of their need. Integrity is all about protecting all the
required information from any kind of modification (Yadav, Bharti & Raw, 2018).
Confidentiality is all about protecting all the required information from any kind of disclosure. In
Dropbox application, all the required information is passed from various stages where various
people handle it(Treacy & McCaffery, 2016). It is not very much feasible for any of the
organization for protecting all the required information from any kind of accident.
To protect the vital information of the Dropbox, it is very much important to have an
understanding concerning the CIA. It is all about analysing the fact how it can be used for

8INFORMATION SECURITY MANAGEMENT
achieving CIA for handling information (Caviglione et al., 2016). This particular aspect is very
much useful in having organizational goals and objectives. Information is known to be an
important aspect of the overall success of the organization in the present scenario (Anderson,
Skare, & Dorroll, 2018). It is all about maintaining required information which is known to be
important for various organization. The whole aspect is all about maintaining confidentiality,
availability and integrity of required information. It has become an important aspect in present
business environment which is there in the wrong hands (Hughes et al., 2016). The whole thing
will not only improve the day to day operation but will be used for achieving day to day
operation. It will ultimately threaten the existence of the organization.
Organization encountering similar kind of issue or attack
Data breach at Uber resulted in steal of information of data for 57 million users along
with driving credential. In this attack, hackers straight away enter into the cloud based system of
the Uber account holders by making use of GitHub code storehouse.
Network infrastructure mainly comprises of some of the interconnected devices which
are connected for transporting communications required for data. Also, it comprises of services,
application and multi-media(Thomas et al., 2017). It mere focus on the routers and firewalls
which focus on the kind of alert. There is large number of devices in action which tend to exist in
the network like switches, intrusion detection system (Patil, 2018). It merely comprises of
firewalls and IDS, which are traditional technologies that are needed for securing the whole
network.
Information Security Control
A good security awareness training program is considered to be very much important for
educating the employees about the policies and procedure. It is mainly needed for analysing the

9INFORMATION SECURITY MANAGEMENT
procedure which is needed for working with the information technology (Tayan, 2017).
Employees of Dropbox need to have idea with respect to the information about which they
should contact and discover the threat (Yadav, Bharti & Raw, 2018). Data is known to be as one
of the most valuable assets of the corporate. Dropbox employee needs to have training, which is
an important aspect of the organization that comes up with high value of turnovers (Haddadi et
al., 2015). Training on regular interval of time is considered to be an important thing which is
needed for achieving much higher rate of interest.
Conclusion
The above pages of the report help in concluding the fact that this report is all about data
breach of Dropbox. The organization makes use of delta coding techniques which helps the user
so that they can share folder for the user. Along with these, it makes public links for the given
file and folder. The service register can easily make history of changes in the last few intervals of
months. This particular aspect helps the user to easily recover the older version even from the
deleting files. The service register aims to create history that has taken place in the period of last
few months. This particular aspect helps the user so that they can recover much of the older
version and even led to deletion of file. Dropbox application aims to protect the whole mode of
communication by making use of SSL protocol and tends to encrypt the data in the server. In the
above pages of the report, an overview has been given with respect to various kind of threat
concerning organization asset. An idea has been provided with respect to organization
information system which is vulnerable. A list of methods has been discussed in details by which
the vulnerabilities can be easily exploited. An explanation has been given with respect to
information security goals which might compromise with the CIA. In the last section of the
report, an idea has been providing with respect to information security control.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10INFORMATION SECURITY MANAGEMENT
Recommendation
There are large number of steps which needs to be taken tackling security breach like
Building a proper security culture: User education and its awareness are known to be as
one of the important aspects of security principle. It is known to be fundamental aspect in the
development of a strong security culture. The present security culture is completely beyond the
routine security training and needs to be woven in day to day life of the user. Considering
various aspect of the security, it needs to be completed tested concerning ransomware and
malware. Authorities of Dropbox need to conduct test phishing context for analysing the overall
effectiveness of the user.
Security like an Architecture: Security is mainly applied at the different level of the
project, and a response plan is created for the security response. This particular approach can
easily lead multitude of various point technologies along with limited value of integration result
in overall gaps. Some steps are required to taken by the authorities of Dropbox so that they can
easily integrate the security capabilities. It is mainly done so that they can easily the business risk
and its overall impact.
Apart from this, password of Dropbox user should not store the details in the code. As a
result of this hacker could not get access to the cloud based services which is done by hacking
the code.

11INFORMATION SECURITY MANAGEMENT
References
Anderson, J. C., Skare, E., & Dorroll, C. (2018). Nothing to Hide, Nothing to Fear? Tools and
Suggestions for Digital Data Protection. The Qualitative Report, 23(5), 1223-1236.
Astani, M., & Ready, K. J. (2016). Trends and preventive strategies for mitigating cybersecurity
breaches in organizations. Issues in Information Systems, 17(2).
Botha, J. G., Grobler, M. M., & Eloff, M. M. (2017). Global data breaches responsible for the
disclosure of personal information.
Brekalo, H., Strackx, R., & Piessens, F. (2016, December). Mitigating password database
breaches with Intel SGX. In Proceedings of the 1st Workshop on System Software for
Trusted Execution (p. 1). ACM.
Caviglione, L., Podolski, M., Mazurczyk, W., & Ianigro, M. (2016). Covert channels in personal
cloud storage services: the case of dropbox. IEEE Transactions on Industrial
Informatics, 13(4), 1921-1931.
Dhasarathan, C., Thirumal, V., & Ponnurangam, D. (2015). Data privacy breach prevention
framework for the cloud service. Security and Communication Networks, 8(6), 982-1005.
Dinh, H., Dworkin, A., O'neill, C., Savage, S., Leak, J., Aazam, M., & St-Hilaire, M. (2017,
May). Omnibox: Efficient cloud storage by evaluating dropbox and box. In 2017 24th
International Conference on Telecommunications (ICT) (pp. 1-6). IEEE.
Duncan, B. (2019). EU General Data Protection Regulation Compliance Challenges for Cloud
Users. CLOUD COMPUTING 2019, 35.
Haddadi, H., Howard, H., Chaudhry, A., Crowcroft, J., Madhavapeddy, A., & Mortier, R.
(2015). Personal data: Thinking inside the box. arXiv preprint arXiv:1501.04737.

12INFORMATION SECURITY MANAGEMENT
Hughes, J., Pierce, B. C., Arts, T., & Norell, U. (2016, April). Mysteries of dropbox: property-
based testing of a distributed synchronization service. In 2016 IEEE International
Conference on Software Testing, Verification and Validation (ICST) (pp. 135-145). IEEE.
Huh, J. H., Kim, H., Rayala, S. S., Bobba, R. B., & Beznosov, K. (2017, May). I'm too Busy to
Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails.
In Proceedings of the 2017 CHI Conference on Human Factors in Computing
Systems (pp. 387-391). ACM.
Mohmmed, A. G. M., & Osman, S. E. F. (2017). Cloud Computing & Big Data challenges &
Security Challenges. world, 3(6).
Mozumder, D. P., Mahi, M. N., Whaiduzzaman, M., & Mahi, M. J. N. (2017). Cloud Computing
Security Breaches and Threats Analysis. Int. J. Sci. Eng. Res, 8(1).
Patil, G. R. M. D. A. (2018). DATA BREACHES AS TOP SECURITY CONCERN IN CLOUD
COMPUTING. International Journal of Pure and Applied Mathematics, 119(14), 19-28.
Schlicher, B. G., MacIntyre, L. P., & Abercrombie, R. K. (2016, January). Towards reducing the
data exfiltration surface for the insider threat. In 2016 49th Hawaii International
Conference on System Sciences (HICSS) (pp. 2749-2758). IEEE.
Soliman, O. (2019, January). Big Data SAVE: Secure Anonymous Vault Environment.
In Proceedings of the 52nd Hawaii International Conference on System Sciences.
Tayan, O. (2017). Concepts and tools for protecting sensitive data in the it industry: a review of
trends, challenges and mechanisms for data-protection. International Journal of
Advanced Computer Science and Applications, 8(2), p46-52.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017,
October). Data breaches, phishing, or malware?: Understanding the risks of stolen

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13INFORMATION SECURITY MANAGEMENT
credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and
Communications Security (pp. 1421-1434). ACM.
Treacy, C., & McCaffery, F. (2016). Medical Mobile Apps Data Security Overview.
Yadav, A. K., Bharti, R. K., & Raw, R. S. (2018). Security Solution to Prevent Data Leakage
Over Multitenant Cloud Infrastructure. International Journal of Pure and Applied
Mathematics, 118(7), 269-276.

1 out of 14

+13062052269

info@desklib.com

INFORMATION SECURITY MANAGEMENT.

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

ZOMATO HACKED: Security Breach Results in 17 Million User Data Stolen

Ransomware Attack Analysis & Prevention

Under Armour Data Breach

Data Breach - Cyber Security

Critical Analysis of Yahoo's 2014 Data Breach

PRINCIPLES OF MANAGEMENT {MBA133} CIA - 3 INFOGRAPHICS