Report about Define IS Audit
Added on 2022-09-23
12 Pages2908 Words21 Views
Data Science and Big DataMaterials Science and Engineering
|
|
|
Running head: IS AUDIT
IS Audit
Name of the Student
Name of the University
Author Note
IS Audit
Name of the Student
Name of the University
Author Note
IS AUDIT
1
Executive Summary
Most of the commercial establishments all over the world are very much vulnerable to data
breaches. Social engineers are trying out new algorithms in each of the latest data breaching
incidents. An information Security audit is very much required to identify the potential
network vulnerabilities of a business who are using their private network.
This IS audit report shall be focussing on the data breach which occurred in Canva in the year
2019, the report shall be recommending that the use of data privacy controls, securing the
access control and securing the gateways could have avoided this data reaching incident in
Canva.
1
Executive Summary
Most of the commercial establishments all over the world are very much vulnerable to data
breaches. Social engineers are trying out new algorithms in each of the latest data breaching
incidents. An information Security audit is very much required to identify the potential
network vulnerabilities of a business who are using their private network.
This IS audit report shall be focussing on the data breach which occurred in Canva in the year
2019, the report shall be recommending that the use of data privacy controls, securing the
access control and securing the gateways could have avoided this data reaching incident in
Canva.
IS AUDIT
2
Table of Contents
Introduction................................................................................................................................3
Background to the case..............................................................................................................3
Problem identification................................................................................................................3
Audit approach and potential solution.......................................................................................3
IS risks....................................................................................................................................3
Audit plan, objectives and procedures...................................................................................4
Audit questions and documents.............................................................................................6
Control Recommendations.....................................................................................................7
Conclusion..................................................................................................................................8
References..................................................................................................................................9
2
Table of Contents
Introduction................................................................................................................................3
Background to the case..............................................................................................................3
Problem identification................................................................................................................3
Audit approach and potential solution.......................................................................................3
IS risks....................................................................................................................................3
Audit plan, objectives and procedures...................................................................................4
Audit questions and documents.............................................................................................6
Control Recommendations.....................................................................................................7
Conclusion..................................................................................................................................8
References..................................................................................................................................9
IS AUDIT
3
Introduction
The gas of the current security system can be identified as Information Security audit
(Morkunas, Paschen and Boon 2019). The tools and technologies required to close the gaps
can also be identified from IS audits. All the data which holds information about the network
security can be analysed in a systemized modus with the help of an IS audit.
Background to the case
In the year 2019, personal information of 4 million accounts was compromised in
Canva (Canva Help Center 2020). The passwords of the user accounts were encrypted y the
social engineers, most of the user accounts which were compromised had the default
passwords. The data sets of their portal were altered by the social engineers which led to both
reputational loss as well as business loss for this web design service organization.
Diverse categories of technologies were used in the business environment of this
organization such as the Python, New Relic, Cloudfare, Comodo SSL, Java and nginx. The
business has stakeholders and subsidiary organization all over the world. Founded in the year
2012, this private sector organization is very much vulnerable to network security threats.
Problem identification
Bcrypt algorithm was used by the social engineers as they encrypted personal
information of the consumers of this business (Solove and Citron 2017). All the stakeholders
of this business organization was hugely affected as a result of this data security breach. US
Federal Bureau of Investigations heavily criticised the security breach as data from more than
18816 was exposed. After this security breach took place, Canva started to lose their revenue
in the international markets. Loss of trust among the potential consumers was the biggest
problem faced Cava after the security breach.
Audit approach and potential solution
IS risks
The diverse categories of IS risks which are related to the selected case study are data
theft with the help of the third party vendors, loss of essential data due to the concept of IT
shadow, inefficiency security policy of the organization where the data security breach
occurred, data heists which might be caused by the employees working in Canva, phishing
emails sent by the social engineers to compromise the organizational network of Canva, and
3
Introduction
The gas of the current security system can be identified as Information Security audit
(Morkunas, Paschen and Boon 2019). The tools and technologies required to close the gaps
can also be identified from IS audits. All the data which holds information about the network
security can be analysed in a systemized modus with the help of an IS audit.
Background to the case
In the year 2019, personal information of 4 million accounts was compromised in
Canva (Canva Help Center 2020). The passwords of the user accounts were encrypted y the
social engineers, most of the user accounts which were compromised had the default
passwords. The data sets of their portal were altered by the social engineers which led to both
reputational loss as well as business loss for this web design service organization.
Diverse categories of technologies were used in the business environment of this
organization such as the Python, New Relic, Cloudfare, Comodo SSL, Java and nginx. The
business has stakeholders and subsidiary organization all over the world. Founded in the year
2012, this private sector organization is very much vulnerable to network security threats.
Problem identification
Bcrypt algorithm was used by the social engineers as they encrypted personal
information of the consumers of this business (Solove and Citron 2017). All the stakeholders
of this business organization was hugely affected as a result of this data security breach. US
Federal Bureau of Investigations heavily criticised the security breach as data from more than
18816 was exposed. After this security breach took place, Canva started to lose their revenue
in the international markets. Loss of trust among the potential consumers was the biggest
problem faced Cava after the security breach.
Audit approach and potential solution
IS risks
The diverse categories of IS risks which are related to the selected case study are data
theft with the help of the third party vendors, loss of essential data due to the concept of IT
shadow, inefficiency security policy of the organization where the data security breach
occurred, data heists which might be caused by the employees working in Canva, phishing
emails sent by the social engineers to compromise the organizational network of Canva, and
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Ethical Concerns on Record Keepinglg...
|4
|869
|297
JP Morgan Data Breachlg...
|5
|722
|96
Sources of Organization Data Breach and Risk Management Approachlg...
|4
|780
|223
PRINCIPLES OF MANAGEMENT {MBA133} CIA - 3 INFOGRAPHICSlg...
|6
|1233
|64
Software-Defined Networking for Data Breach Prevention: A Case Study of Myspacelg...
|7
|1421
|457
Symantec Breach in June 2019lg...
|3
|1966
|90