Case Study: IT Audit and Controls for NAB Data Breach


Added on  2023/01/12

IT Audit and Controls
Table of Contents
INTRODUCTION
Main Body
Overview of the addressed problem
Common security issues that an auditor needs to investigate
NAB’s response to the data breach
Information security measures NAB should adopt
Role of cloud computing in information security
CONCLUSION
REFERENCES
INTRODUCTION
IT audit and controls are necessary and crucial for an organisation, as they determine
whether IT controls and measures are sufficient to protect corporate assets while
maintaining data integrity, in line with the overall goals and objectives of the business
(Aobdia, 2019). This report is based on National Australia Bank (NAB), one of the largest
financial institutions in Australia by market capitalisation, number of customers and
earnings, with its headquarters in Melbourne. The report describes the data breach
problem, the common security issues that an auditor needs to investigate, information
security measures, and the role of cloud computing in information security.
Main Body
The safety and protection of customers' personal and crucial information is the first priority
of any organisation, as leakage of this information can lead to serious issues and implications
for a business. This report is based on NAB, which is considered the fourth largest bank in
Australia and provides diversified banking and financial services to its customers.
Overview of the addressed problem
The problem encountered by National Australia Bank is a breach of customer data. The
breach addressed in this report is a significant one, in which the names, contact details,
dates of birth and government-issued identification numbers (such as driver's licence
numbers) of about 13000 customers were accidentally shared with two data service
companies (NAB reveals 13,000-person data breach at 6PM Friday, 2020). These third-party
data service providers have claimed that they deleted the information accidentally sent by
NAB within two hours, and there is no evidence of further copying or disclosure of this
crucial information (Jumbad & Chel, 2018). Further, the chief data officer has stated that
it was not a cyber security issue; the problem arose from human error and is mainly
associated with a breach of NAB's data security policies.
Common security issues that an auditor needs to investigate
The responsibility of an IT auditor is not limited to the examination and verification of
physical security controls; it also covers the overall financial and business controls of an
organisation, which involves monitoring and control of information technology systems. The
security audit is mainly a systematic evaluation of the security and control measures that
protect an organisation's information systems, together with an evaluation of how well they
conform to a set of established criteria, in order to determine their performance level
(Lisic & Zhang, 2016). The main security issues that an auditor needs to investigate during
IT audit and control are discussed below:
Data breach- The most important and crucial issue that an auditor must investigate is the
possibility of a data breach at the organisation, as it is directly associated with misuse and
leakage of customers' confidential and personal data, which can be hazardous and lead to
serious implications (Oussii & Taktak, 2018). Data breaches are mainly caused by
compromised credentials, software misconfiguration, lost hardware or malware, all of which
an auditor must investigate and evaluate while conducting a security audit.
Malware infection- An auditor must evaluate the possible issues and threats associated with
malware, such as spam email that could act as a vector for a malware attack. These issues
mainly arise from a lack of proper education and training among employees, which can lead
to malware infection. Thus, an organisation must have a robust email scanning and filtering
system together with proper malware and vulnerability scans, and an auditor must
investigate these during an IT audit (Weickgenannt, 2018).
Distributed denial of service attack- This issue is associated with an attack on a service,
which generally involves a group or set of computers harnessed together by hackers in
order to flood the target with traffic. This can lead to leakage of crucial information and can
affect a business simply through its use of an unsafe server, service provider or network
infrastructure. Thus, an auditor also needs to investigate DDoS attacks and related issues to
keep a check on the flow and leakage of information from an organisation (Nilsen, 2018).
Besides this, an auditor also needs to check the controls over malicious insiders and
employees, to prevent damage and breaches of security and information from inside attacks,
by limiting the amount of access and setting logical policies in order to monitor the
network with audit and transaction logs.
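As an added illustration of monitoring with audit and transaction logs (example code, not part of the original report or of any NAB system), the check below reviews a log of outbound file transfers against an approved-recipient policy. The log format, host names, field names, policy table and threshold are all assumptions constructed for the example.

```python
import csv
import io

# Constructed sample transfer log for illustration; not real bank data.
SAMPLE_LOG = """timestamp,user,destination,record_count,fields
2020-01-10T09:12:00,alice,reports.internal.example,120,name;branch
2020-01-10T10:40:00,bob,dataservice-a.example,13000,name;dob;drivers_licence;phone
2020-01-10T11:05:00,carol,dataservice-b.example,40,account_id
2020-01-10T11:30:00,bob,dataservice-a.example,15,name;email
"""

# Assumed policy values (hypothetical, set by the organisation in practice).
SENSITIVE_FIELDS = {"dob", "drivers_licence", "passport_no"}
APPROVED_FIELDS = {  # fields each external recipient may receive
    "dataservice-a.example": {"name", "email"},
    "dataservice-b.example": {"account_id"},
}
INTERNAL_SUFFIX = ".internal.example"
BULK_THRESHOLD = 1000  # records per transfer that warrant review


def review_transfers(log_text):
    """Return one finding per external transfer that breaks the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        dest = row["destination"]
        if dest.endswith(INTERNAL_SUFFIX):
            continue  # internal transfers are out of scope for this check
        fields = {f for f in row["fields"].split(";") if f}
        count = int(row["record_count"])
        reasons = []
        if dest not in APPROVED_FIELDS:
            reasons.append("recipient not approved")
        unapproved = fields - APPROVED_FIELDS.get(dest, set())
        if unapproved:
            reasons.append("unapproved fields: " + ",".join(sorted(unapproved)))
        if fields & SENSITIVE_FIELDS:
            reasons.append("sensitive identifiers present")
        if count >= BULK_THRESHOLD:
            reasons.append(f"bulk transfer of {count} records")
        if reasons:
            findings.append({"timestamp": row["timestamp"], "user": row["user"],
                             "destination": dest, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_transfers(SAMPLE_LOG):
        print(finding)
```

An auditor would sample the findings and trace each one back to an approval record; a transfer with no matching approval is a control failure even if the recipient later deletes the data.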
NAB’s response to the data breach
After this data breach, NAB made clear that supporting customers and keeping their
information safe is its first priority, that no log-in details or passwords were compromised,
that all of its systems remain secure, and that the issue was only a human error and a
breach of NAB's data protection policies. National Australia Bank emailed, called or wrote
to every impacted customer individually and set up a 24/7 specialist support team to
help customers (Chang et al., 2019). Further, NAB also announced that it would cover the
full cost of independent, enhanced fraud detection identification services for affected
customers, together with the cost of government identification numbers if they need to be
reissued (NAB reveals 13,000-person data breach at 6PM Friday, 2020). Besides this, NAB
has committed to working with service providers such as Amazon Web Services, Microsoft
Azure and Google Cloud to take advantage of the unique offerings of each provider, to avoid
being dependent on any single provider, and to have a better check on the security of data.
Information security measures NAB should adopt
The security measures that NAB could adopt to address the issue of data breaches, and to
have a better check on and control over its information systems, are discussed below:
Establish strong passwords- The foremost step that NAB can take is to set strong
passwords, which may include a combination of capital letters, lower-case letters, numbers
and symbols (Ji, Lu & Qu, 2018). Further, passwords should also be changed in a timely
manner in order to maintain the viability of information and to have better safety and
control against data breaches.
Set up firewall- Another security measure that NAB could adopt is a firewall, which
gives better control over and checking of the internet traffic that is the main cause of
data breaches. A firewall is a network security system that monitors and checks incoming
and outgoing network traffic based on predetermined security rules; it thus forms a
barrier between a trusted internal network and an untrusted external network to protect
and safeguard NAB's information (Groomer & Murthy, 2018).
Besides this, since the main cause of the data breach in the present case has been found to
be human error, NAB could provide better IT training and development to its staff to keep
a better check on and control over the flow of information.
Role of cloud computing in information security
Cloud computing plays a crucial role in information security, as it brings a varied set of
policies, applications, technologies and controls that an organisation can use to protect
and safeguard the virtualized IP, services, data, applications and associated infrastructure
of cloud computing (Chan, 2018). By authenticating access and filtering traffic, together
with security measures configured to protect data, support regulatory compliance and set
authentication rules for individuals and devices, it ensures protection of customers’
privacy and thus facilitates better information security. Further, cloud computing also
offers a centralised security system and ultimate dependability and reliability, which
enhance its role in information security for an organisation (Alzeban, 2019).
CONCLUSION
On the basis of the above report, it can be concluded that maintaining the security and
safety of customers’ data is the first priority of an organisation. During security audits,
an auditor must investigate data breaches and malware infection together with denial of
service attacks to keep a check on and control over information systems. Finally, it can be
concluded that strong passwords and firewalls, together with cloud computing, are effective
measures to ensure information security.
REFERENCES
Books and journals
Aobdia, D. (2019). The economic consequences of audit firms’ quality control system
deficiencies. Management Science.
Jumbad, V., & Chel, A. (2018, September). Strategic use of control plan as a process audit tool
in automotive industry: A case study. In AIP Conference Proceedings (Vol. 2018, No. 1,
p. 020006). AIP Publishing LLC.
Lisic, L. L. & Zhang, Y. (2016). CEO power, internal control quality, and audit committee
effectiveness in substance versus in form. Contemporary Accounting Research. 33(3).
1199-1237.
Oussii, A. A., & Taktak, N. B. (2018). The impact of internal audit function characteristics on
internal control quality. Managerial Auditing Journal.
Nilsen, P. O. (2018). Norwegian Local Government-System of Internal Supervision and Control
and External Audit. Finanse Komunalne, (1-2), 144-153.
Chang, Y. T. et al. (2019). The impact of internal audit attributes on the effectiveness of
internal control over operations and compliance. Journal of Contemporary Accounting &
Economics. 15(1). 1-19.
Ji, X. D., Lu, W., & Qu, W. (2018). Internal control risk and audit fees: Evidence from China.
Journal of Contemporary Accounting & Economics. 14(3). 266-287.
Groomer, S. M., & Murthy, U. S. (2018). Continuous auditing of database applications: An
embedded audit module approach. Continuous Auditing, 105-124.
Chan, D. (2018). The Effects of Internal Control Reporting Regulation on Control Quality,
Compensation and Audit Effort. Compensation and Audit Effort (May 31, 2018).
Weickgenannt, A. B. (2018). AUDIT COMMITTEE OVERSIGHT OF INTERNAL CONTROL
OVER FINANCIAL REPORTING.
Alzeban, A. (2019). The relationship between internal control and internal audit
recommendations. Spanish Journal of Finance and Accounting/Revista Española de
Financiación y Contabilidad. 48(3). 341-362.
Online
NAB reveals 13,000-person data breach at 6PM Friday. 2020. [Online] Available through:
<https://www.itnews.com.au/news/nab-data-breach-hits-13000-customers-528757>.