
System Security Investigation and Risk Management: A Case Study of the Australian Red Cross Blood Donation Website


Added on  2024/05/23

AI Summary
This assessment delves into the security vulnerabilities and risks associated with the Australian Red Cross blood donation website. It analyzes the real-life case study of a data breach involving half a million blood donor records, highlighting the critical need for robust security measures. The assessment explores the key business requirements for the website, including data protection, user authentication, and secure data storage. It also proposes practical solutions to mitigate risks and enhance the overall security posture of the website.

SIT763 Assignment 2
Table of Contents
Executive summary
Risk Assessment Strategy
Key Business Requirements
Conclusion
References
Executive summary
System security has become more important for every organization in this complex and advanced age. Many firms manage their security using different parameters, and to manage risk they first critically analyze the problems currently present within the organization's information system. In this assessment, I have conducted an investigation of the system security and management issues of a real-life organization, a blood bank. I have followed the prescribed procedure to evaluate the risk level and the impact of the risks, threats and vulnerabilities for the selected organization. The Australian Red Cross faced a massive security breach in which the personal data and address details of approximately half a million blood donors were compromised. The Australian Red Cross attributed the incident to human error. The Australian Red Cross did not use any security system to protect its database, which is why an individual was able to cause a breach. In this assessment, I have performed a security risk assessment covering the security risks, threats and vulnerabilities related to the Australian Red Cross case. I have also performed a business requirement analysis outlining the key business requirements in the context of the Australian Red Cross.
Risk Assessment Strategy
The Australian Red Cross website exists to help individuals or groups seeking blood-related help and to let them query for a particular blood type. The purpose of the platform is to support individuals and donors through the Australian Red Cross website support system. It has several types of target audience, such as blood donors, seekers, the system owner, employees and system developers. The security risks, threats and vulnerabilities associated with the Australian Red Cross case study are as follows:
Risk
A huge amount of highly sensitive data belonging to half a million people in Australia is stored on the website, which was actually developed by a third party. The blood service website fulfils the requirements of the Privacy Act, but it handles too much work such as data practices and procedures. The website system holds highly sensitive personal information of blood donors as well as of people who require blood or have a query related to blood donation. There is no definite target audience for the website, and it is very difficult to interpret and define it. Individuals or groups of system users involved in managing the flow of work have access to the system without any validation of that access, so any employee or hacker could cause a security breach. Anyone, such as a former employee, could access the system to take personal revenge or simply bring down the system server to reduce the revenue of the Australian Red Cross blood donation organization.
Threats
The root cause of the security breach was the involvement of a Precedent employee. An employee of the system can access the system without any prior notice and can degrade its response time. On 5th September 2016, an employee of the development company made a backup of the system on the UAT environment for the donation system and stored the data file on a globally accessible portion of the server. That is why the Information Commissioner found that the threats facing the organization were caused by human error. An error occurred when the backup was created: the employee tried to save the data file to a secure location, but did so with an error that was then present on the system.
Vulnerabilities
The Precedent developers use the server to implement new code with new features for donateblood.com. The UAT environment holds a copy of all entered data, which is protected by various security parameters and password protection but does not use a two-way authentication mechanism. The publicly available portion of the website makes it more vulnerable, because there are many hackers and attackers looking to steal valuable customer information (Donateblood.com.au, 2018).
Key Business Requirements
The Australian Red Cross website was developed to provide information about blood donation, blood types, modes of donation and blood use, and to assist people who have a query about blood donation. The system was also developed to provide a platform where an individual can make an appointment to donate blood and get in contact with the person and donor.
The Australian Red Cross website was developed with donors and potential donors in mind as the primary target audience, and researchers and career seekers as the secondary audience. Each individual enters their own personal information into the website in the hope of a positive response and to make an appointment with the people in need.
The key business requirements of the Australian Red Cross are as follows:
- Troy Hunt, a cybersecurity expert, informed the Australian Cyber emergency team and took steps to notify blood service seekers.
- The Australian Red Cross has to engage clients and donors by telephone and by assisting clients personally.
- All publicly available files should be deleted from the server.
- A two-way authentication system should authenticate each user, and the login panel should apply validation so that strong passwords are generated.
- The website system needs an internet-based security protection system, reducing the number of installed files.
- The personal information of the intended target audience may be used by the organization only to fulfil its primary aim and objective (Community Assessment & Engagement Tool, 2018).
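The incident described in this assessment came down to a database backup file left in a publicly served part of the server, and the requirement to delete publicly available files can be checked mechanically before each deployment. The following Python script is an added example, not part of the original assignment or of any Red Cross or Precedent tooling; it walks a web root and flags files that look like database backups. The suffix list, the SQL markers and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed naming conventions for backup artifacts; extend for your stack.
SUSPECT_SUFFIXES = (".sql", ".bak", ".dump", ".sql.gz", ".tar.gz", ".zip")
# Byte markers that commonly appear near the start of SQL dumps (assumed set).
SQL_MARKERS = (b"-- MySQL dump", b"CREATE TABLE", b"INSERT INTO")

def looks_like_sql_dump(path, probe_bytes=4096):
    """True if the first bytes of the file contain a SQL dump marker."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(probe_bytes)
    except OSError:
        return False
    return any(marker in head for marker in SQL_MARKERS)

def find_exposed_backups(webroot):
    """Return sorted (relative_path, reason) pairs for backup-like files."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            if name.lower().endswith(SUSPECT_SUFFIXES):
                findings.append((rel, "backup-like file name"))
            elif looks_like_sql_dump(full):
                # Catches dumps saved under an innocuous name or extension.
                findings.append((rel, "SQL dump content"))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree: one normal page, two misplaced backups."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "index.html": b"<html>Donate blood</html>",
        "backup/donors.sql": b"-- MySQL dump\nCREATE TABLE donors (id INT);",
        "uploads/export.txt": b"INSERT INTO donors VALUES (1, 'sample');",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for finding in find_exposed_backups(build_sample_webroot()):
        print(finding)
```

Run against the real document root as a deployment gate, any non-empty result should block the release until the file is moved out of the served tree.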
Conclusion
I have successfully completed this assessment, which is based on system investigation and system risk assessment with possible management strategies. I have conducted an investigation of the system security and management issues of a real-life organization, a blood bank. I have followed the prescribed procedure to evaluate the risk level and the impact of the risks, threats and vulnerabilities for the selected organization. The website users, donors and blood seekers are the primary target audience, while employees are the secondary target audience. The Australian Red Cross faced a massive security breach in which the personal data and address details of approximately half a million blood donors were compromised. The Australian Red Cross attributed the incident to human error. The Australian Red Cross did not use any security system to protect its database, which is why an individual was able to cause a breach. In this assessment, I have performed a security risk assessment covering the security risks, threats and vulnerabilities related to the Australian Red Cross case. I have also performed a business requirement analysis outlining the key business requirements in the context of the Australian Red Cross.
References
Community Assessment & Engagement Tool. (2018). [ebook] Available at: https://www.redcross.org.au/getmedia/79ffaa5f-ed8c-4424-88cd-9b42b70638ae/Red-Cross-CAET-V5-web_1.pdf.aspx [Accessed 17 Apr. 2018].
Donateblood.com.au. (2018). Blood safety - managing disease risks | Australian Red Cross Blood Service. [online] Available at: http://www.donateblood.com.au/blood-safety-disease-risks [Accessed 17 Apr. 2018].
Hsa.ie. (2018). Risk Assessment - Health and Safety Authority. [online] Available at: http://www.hsa.ie/eng/Your_Industry/Fishing/Management_of_Health_and_Safety/Risk_Assessment/ [Accessed 17 Apr. 2018].
Ccohs.ca. (2018). Risk Assessment. [online] Available at: https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html [Accessed 17 Apr. 2018].
Mitigating ris. (2018). [ebook] Available at: https://www.redcross.org.au/annualreport_2014/year-in-review/mitigating-risk.html [Accessed 17 Apr. 2018].
Redcross.org.au. (2018). [online] Available at: https://www.redcross.org.au/getmedia/5273fb7c-431d-4971-9a3e-c247b914e124/What-We-Stand-For-040717.pdf.aspx [Accessed 17 Apr. 2018].
Redcross.org.au. (2018). Disaster relief and recovery. [online] Available at: https://www.redcross.org.au/disaster-relief-and-recovery [Accessed 17 Apr. 2018].
Redcross.org.au. (2018). How to save billions on disaster recovery. [online] Available at: https://www.redcross.org.au/news-and-media/news/how-to-save-billions-on-disaster-recovery [Accessed 17 Apr. 2018].
Redcross.org.au. (2018). How we help: Strategy 2020. [online] Available at: https://www.redcross.org.au/about-us/how-we-help [Accessed 17 Apr. 2018].