ITECH2305 - Case Study: Analysis of Get Online Ticketing Data Leak


Added on  2022/11/10

AI Summary
This report presents an analysis of the 'Get' online ticketing data leak, examining the impact of the breach on user data and organizational performance. It begins with an executive summary highlighting the problem, which involved the loss of personal data for 150,000 users, leading to a decline in ticket sales and new subscriptions. The report proposes the implementation of a web security firewall as a primary solution to restrict unauthorized access and protect against internet threats. A detailed strategy analysis outlines the organization's goals and objectives, emphasizing the importance of securing user data. It includes the identification of stakeholders, requirements lifecycle management, functional and non-functional requirements, and design considerations. The functional requirements include real-time session tracking, web filtering, and protection against malware, while non-functional requirements focus on integrity, interoperability, and usability. The report also discusses various design approaches, such as data loss prevention and web security firewalls, and concludes with implementation strategies and references.
Running head: ANALYSIS OF ‘GET’ ONLINE TICKETING DATA LEAK
ANALYSIS OF ‘GET’ ONLINE TICKETING DATA LEAK
Presented to
The Chief Executive Officer
Managing Director
IT manager
Prepared by
September 15, 2019
Executive summary
We are experiencing a system breach which has led to a loss of personal data of our 150,000
users on our online ticketing platform (Nielsen & Puddy, 2019). Following the news report by
ABC outlet about the data leak, the organization has experienced a 10% reduction in the number
of tickets sold and a further 5% reduction in new user subscriptions. By eliminating data leak
threats, new user subscriptions can be increased by 10% in the next one year, with a further 20%
increase in the number of tickets sold. To resolve this problem we propose installation of a
reliable web security firewall. A web security firewall acts as a first line of defense, restricts
unauthorized access to online services and thus protects the organization from various Internet
threats. Potential and existing users will become more confident and will place more trust in
our online ticketing platform, because their personal data will be better secured from attackers.
We intend to install a pilot web security firewall without interfering with the organization’s
day-to-day processes and operations. The potential risk for the implementation of this design
solution is that there is a possibility of lower response time in that we might have to retrain
our employees and hire new web security experts. This could temporarily result in a reduced
average response time. Nonetheless, to reduce that possibility, we intend to write a short
training guide. To implement this solution as soon as possible, we need an approval of $4700 as
an adjustment to the existing IT budget.
Strategy analysis
Our aim is to provide a secure and reliable online means of collecting payments for event tickets,
merchandise and membership for clubs and societies in Australia. We have built and maintained
a strong capital base and offer an integrated platform that reduces tedious manual work. Get users
trust us with their events, memberships and merchandise, a trust that has long been based upon us
keeping their data private and secure from fraudulent internet threats. Our strategy is to get our
web security team to run an in-house incident response program to report any suspicious
activity on our website. We also periodically monitor and assess our web infrastructure for
potential vulnerabilities to ensure that we remedy the vulnerabilities that could breach the
security and the privacy of our customer data. The main objective of the proposed change is to
enhance our web security in terms of network, account and product security. This will ensure
that common security issues such as SQL injections, cross-site scripting and URL redirection
are addressed. Once this is implemented, we can create and maintain authorization checks that
ensure that there is no direct resource access in our platform.
Requirements Lifecycle Management
Requirements analysis template
The function of the proposed system is to provide a robust security feature for our website. The
main objective for the installation of the new firewall system is to solve the reported cyber
security breach on customer data that has compromised their privacy and confidentiality. The
success criteria of the project shall be based on the number of tickets sold and the number of new
users and clubs that register on our platform.
The current security program involves the use of load balancers and VPNs (Virtual Private
Networks) for network security and encryption techniques for account security. Customer data is
stored in our data center hosted and operated by Amazon Web Services (AWS). The problem with
this system is that hackers were able to maneuver into the network by exploiting SQL injections,
leading to data leaks.
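The weakness named above, and the authorization check against direct resource access mentioned under Strategy analysis, shown side by side as an added example; this is not code from the report or from the Get platform. The orders table, its sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for a ticketing platform's order table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER,"
               " email TEXT, event TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, 10, "alice@example.test", "Uni Ball"),
        (2, 11, "bob@example.test", "Club Night"),
        (3, 11, "bob@example.test", "Society AGM"),
    ])
    return db

def orders_for_event_unsafe(db, event):
    # Weak pattern: request input is concatenated into the SQL text, so a quote
    # in `event` changes the query itself and rows of other users are returned.
    sql = "SELECT id, email, event FROM orders WHERE event = '" + event + "'"
    return db.execute(sql).fetchall()

def orders_for_event_safe(db, session_user_id, event):
    # Hardened: input is passed as bound parameters (treated purely as data),
    # and the query is scoped to the authenticated user's own rows.
    sql = "SELECT id, email, event FROM orders WHERE event = ? AND user_id = ?"
    return db.execute(sql, (event, session_user_id)).fetchall()

def get_order(db, session_user_id, order_id):
    # Authorization check against direct resource access: an order id taken
    # from the URL is only served if it belongs to the session's user.
    row = db.execute("SELECT id, user_id, email, event FROM orders WHERE id = ?",
                     (order_id,)).fetchone()
    if row is None or row[1] != session_user_id:
        raise PermissionError("order not available to this user")
    return row

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(len(orders_for_event_unsafe(db, crafted)))   # every row in the table
    print(orders_for_event_safe(db, 11, crafted))      # no match
    print(orders_for_event_safe(db, 11, "Club Night"))
    try:
        get_order(db, 10, 2)
    except PermissionError as exc:
        print("denied:", exc)
```

A web security firewall can filter such requests in front of the application, while the bound parameters and the ownership check remove the weakness in the application itself.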
Functional Requirements
The functional requirements describe what the system will do. The proposed design solution has
to provide functions such as real-time session tracking, visibility of SSL-Encrypted traffic, web
filtering and protection against viruses and malware programs. Addressing the named functional
requirements means that the organization ensures that critical operations and processes are
secured from possible cyber attacks and phishing schemes.
Non-functional Requirements
Non-functional requirements define how the system works. For instance, to ensure that customer
data is kept private, the system has to provide for integrity. Other non-functional requirements
that the online security firewall has to provide include interoperability, portability, usability,
simplicity and robustness.
Elicitation and collaboration
Stakeholder identification
Life Cycle                   Stakeholder
Engineering                  Supplier, Verification and Validation team
Development                  Design engineers, integration team, supplier
Transfer for use             Operators, IT manager
Logistics and maintenance    Support services and trainers
Operation                    Normal users, Unexpected users
We can identify our stakeholders as follows:
Chief Executive manager - oversees the overall operations and processes of the organization
IT Manager - provides IT support and supports the operations of the organization
Human Resource Management - in charge of personnel and procurement of new product
Customers - existing users in our online ticketing platform and future potential customers
Government- Government body that regulates personal data access and disclosure
policies and give
To ensure that stakeholder requirements are met, stakeholders are prioritized as follows:
High power, interested        Manage closely
High power, not interested    Keep satisfied
Low power, interested         Keep informed
Low power, not interested     Monitor with minimal effort
Responsibility assignment matrix: RASCI
R Responsible
A Accountable
S Supportive
C Consulted
I Informed
Task                        Managing director   Finance manager   HR manager   IT manager
Hiring new security team    C                   S                 R            I
Purchase new web IT tool    I                   S                 S            A
IT management               S                   S                 S            A
Procurement                 S                   R                 I            I
Human resources             R                   S                 A            I
Requirements for the change
Need for the change
To protect consumer personal data from cyber threats
Stakeholder requirements
As a result of the personal data leak, there is an urgent need to protect customers’ personal data.
The stakeholder requirements for the change include:
Protect confidentiality of critical information
Provide secure access to data
Increase traffic into the online system
Increase the number of tickets sold
Requirements Analysis and Design Definition
Firewalls provide multiple layers of protection against various forms of internet threats without
affecting your network performance. These firewalls can be deployed across multiple physical
locations as well as in cloud service providers, for instance Microsoft Azure, Amazon Web
Services, and Google Cloud Platform. An organization can maintain a consistent security position
using centralized management and control.
Sophisticated security web firewalls such as Barracuda provide robust mechanisms for the prevention
and detection of cyber security breaches in order to eliminate any possible threats to the network.
The web firewall provider combines the use of Deep Packet Inspection (DPI) and behavioral
analysis to detect and record millions of access requests. This way, any suspicious behavior
within your network can be detected and averted. This helps in reducing the possibility of a
security breach into your network. It also offers an Intrusion Detection and Prevention System
(IDS/IPS). These systems provide real-time network security protection against vulnerabilities.
[Figure: network diagram with the labels User, Internet, Router/Firewall, Barracuda Web firewall, LAN Switch and LAN/WAN]
Requirements life cycle management
Requirements analysis
A requirements design is a usable representation of a needed solution. Requirements have to be
well laid down in order to achieve an optimal solution design. Users of our platform need
protection against data leaks, which can lead to identity theft. It is in the interest of all the
stakeholders to ensure that crucial personal data does not fall into the hands of internet
attackers.
Trace requirements
Online web systems need to be protected against spyware attacks, cross-site scripts, SQL
injections, session management breaches and URL redirections, among other threats. The
solution design to address these issues has to meet network security, account security and
product security. User data is critical data that should be protected at all costs. A breach in
personal data could be very harmful. Therefore, account security has to be enhanced in depth.
Design
Different design approaches can be utilized to achieve the above requirements. Our company can
utilize a Data Loss Prevention strategy, which primarily focuses on securing data from
unauthorized access and/or modification (Information Protection). This design solution aims to
keep data safe from malicious activity, keep personal data private and secure, and limit
access to sensitive data. Another design solution is to employ a web security firewall
application. A firewall monitors outgoing and inbound traffic from or to the network. It either
allows access or denies access based on pre-established configurations. It blocks malicious
programs that try to gain access to the system, such as Trojan horses and viruses. This design
solution seeks to secure the network, account information and the product.
Implementation
A desirable solution design is employed to remedy the data breaches that could be exploited by
hackers. Both solutions discussed above involve the acquisition of third-party software. The
software so chosen is installed on our computer systems and configured for the network. Since
our company uses Amazon Web Services to store customer data, a recommendation is made to
ensure that user data is only accessible to our company and that third parties are blocked from
gaining access to this critical private and confidential data.
References
Information Protection. (n.d.). Retrieved from https://www.symantec.com/products/data-loss-prevention
Nielsen, B., & Puddy, R. (2019, September 10). Tech start-up investigating 'potential data leak' on online
ticketing platform. Retrieved September 15, 2019, from abc news:
https://www.ausleisure.com.au/news/start-up-online-ticketing-platform-investigating-potential-data-leak/