
SBM4302 IT Audit and Controls Report

   

Added on  2022-09-14

Running head: SBM4302 IT AUDIT AND CONTROLS
SBM4302 IT Audit and Controls
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
Overview of the Addressed Problem
Common Security Issues that an Auditor needs to Investigate
    Code Injection
    Malware Infection
    Data Breach
    Malicious Insiders
NAB’s Response to the Data Breach
Information Security Measures NAB Should Adopt
Role of Cloud Computing in Information Security
Conclusion
References

Introduction:
Data security is one of the major concerns at present. There are various reports
regarding data security issues from all around the world. Data security is the means of
protecting digital data from any type of unauthorised user or unwanted action, which can
include a data breach or a cyber-attack (Huang et al. 2017). Although data security is
extremely important, in many cases it is breached. Among all of the data security issues,
internal error has been identified as one of the major causes. Many big organizations have
faced this type of data security issue and have failed to provide enough security for
customer data. One such data security issue occurred recently at the National Australia
Bank (NAB), where the data of approximately 13,000 users was compromised. The following
section of this report briefly describes this data security issue.
Overview of the Addressed Problem:
The current issue that the National Australia Bank faced concerns a data breach of its
customers' records. When an account is set up at the bank, the National Australia Bank
takes several kinds of confidential data from its users. These data include the name of the
customer, the customer's birth date, contact details and government-issued identification
numbers. All of these data are extremely important to the customers, but the National
Australia Bank completely failed to protect them. From the reports of the National
Australia Bank, it has been assessed that the data of almost 13,000 people were
compromised due to the incident (Hong and Alazab 2017). As per the statement of the bank,
there was no external attack or data breach; the issue was internal. The security of those
data was compromised due to some internal mistakes (Sloan and Warner 2019), where the
confidential data of those customers were uploaded to two data service organizations without
any type of authorization. Once the issue was identified by the National Australia Bank, the
security team of NAB contacted both of the data service organizations and asked them to
delete the uploaded data within two hours. Due to this small internal mistake, the
confidential data of around 13,000 people was breached.
Common Security Issues that an Auditor needs to Investigate:
The data breach is one of the common security issues that organizations face. Thus, it is
important for the auditor to investigate this issue. Alongside the data breach, there are
several other common issues that an auditor needs to investigate. The common types of
security issues that the auditor needs to investigate, including the data breach issue, are
discussed in the following section.
Code Injection:
Code injection is one of the common issues that most organizations face, and it is also
very important for the investigator to examine it as part of the issue of data security. In
this type of scenario, hackers mainly use existing vulnerabilities in the application or in
the system to insert malicious code (Mitropoulos and Spinellis 2017). There are several
types of code injection attacks, which are used for different purposes. These code injection
attacks include script injection, SQL injection, dynamic evaluation attack, shell injection
and operating system command attack. These attacks are performed mainly to steal important
user credentials and to destroy data (Niakanlahiji and Jafarian 2017). For this reason, it
is important for the auditor to investigate this type of security issue very closely. There
are two important ways in which code injection attacks can be minimised: avoiding vulnerable
coding and filtering the input. In avoiding vulnerable coding, the auditor plays an
important role, as he/she will actively identify whether any vulnerable code is present.
Also, specific types of applications can be used for
