MGT603 Assessment 2: Rich Picture, CATWOE, Root Definition Report

Added on  2022/11/26

AI Summary
This report provides a systems thinking analysis of the Commonwealth Bank (CBA) data breach, which occurred in 2016 and compromised the data of over 20 million customers. The assignment utilizes tools such as Rich Picture, CATWOE analysis, and root definition to understand the complex situation, stakeholders, and the impact of the breach. The CATWOE analysis identifies customers, actors (bank managers, IT staff, hackers), the transformation process (securing consumer information), worldview (enhanced banking experience), owners (IT and bank managers), and environmental constraints (legal consequences). Two optimal solutions are proposed to overcome the problem: migrating data to a private cloud for enhanced security and offering enhanced access control through two-factor authentication and encryption. The report emphasizes the importance of data security, access control, and the need for improved systems to prevent future breaches and maintain customer trust.
Running head: RICH PICTURE, CATWOE AND ROOT DEFINITION REPORT
RICH PICTURE, CATWOE AND ROOT DEFINITION REPORT
Name of the Student
Name of the University
Author Note
Table of Contents
1) Rich Picture
2) Root Definition report using CATWOE
3) Two optimal solutions to overcome the problem/policy challenge identified
Migrating data to the cloud:
Offering enhanced access control:
1) Rich Picture
2) Root Definition report using CATWOE
C - Customers: the customers/clients who are associated with the bank.
A - Actors: the bank manager, IT manager, cyber-security team and hackers.
T - Transformation process: the integration of an encryption technique and a secured
database to secure consumer information such as banking details, accounting details,
financial transaction details, and credit and debit card information.
W - Weltanschauung / Worldview: with the implementation of the new system in the bank,
it is possible to offer consumers a secured and enhanced banking experience that is
consistent with their requirements.
O - Owners: the decision makers are the IT manager and the bank manager, who will
implement this change and offer an enhanced and secured banking experience to the
consumers.
E - Environmental constraints have a significant impact on the way the banking service is
provided to consumers. The designed security solution has to secure consumers' data,
as it is their personal information, and if the bank is not able to do that it has to deal
with legal consequences.
As of now the company does not have any improved solution for ensuring data security and
relies on traditional IT infrastructure and a legacy system that stores and processes data.
This has led to the data breach. The breach might not in the first place have been the fault
of the Commonwealth Bank, though the bank is responsible for securing the data; but failing
to improve the security of the system through proper measures even after the breach is
something that needs to be avoided, as it is a deliberate fault of the Commonwealth Bank.
Hence, security solutions need to be designed that are consistent with the security
requirements of the Commonwealth Bank.
A data breach has a significant impact on the quality of services provided to consumers.
Right now the Commonwealth Bank does not have proper security measures to prevent illegal
access to system data and to the data server, which provides the database and storage
facility used to store and process data. Hence, an access control system needs to be
designed that ensures the database cannot be accessed easily without proper authorization.
A data breach raises various issues that the Commonwealth Bank needs to consider. Not only
does it affect data availability, it also makes it difficult for the bank to ensure data
portability and data integrity, which are required to offer better security for the data.
As the information is not secured with proper measures, it is difficult to ensure that the
data is safe and secure. Hence an improved system is required that not only solves this
problem but also makes this process efficient.
3) Two optimal solutions to overcome the problem/policy challenge identified
Migrating data to the cloud:
The existing IT infrastructure of the bank does not have a cloud service facility. The new,
proposed system integrates cloud computing with the existing legacy system. The cloud
service model chosen is the private cloud. A private cloud restricts access to the data, and
its data server is not shared with others; this sharing is a major problem for the public
cloud, where the data server is shared with other clients, which affects data security.
Along with that, a private cloud offers better security options such as cryptographic
encryption, which makes it difficult for others to access the data without proper
authorization.
A private cloud also offers automatic data backup, which means that even if the data is
hacked or stolen it is not lost, as a copy of the original data is available. Hence, this is
an effective solution for minimizing data breaches and their impact in terms of exploitation
of the database system, which is a significant security concern for the Commonwealth Bank.
Offering enhanced access control:
The database of the Commonwealth Bank that stores important banking details about
consumers will be secured with two-step verification and encryption of the username and
password. Here 256-bit encryption will be integrated with admin as well as consumer
accounts. This increased level of encryption will make it difficult for hackers to interpret
account details and will ensure that illegal access to the database is restricted. This
system will significantly improve the security of consumer accounts as well as admin
accounts, thus offering better data security and improved consumer service for the
Commonwealth Bank.
Two-phase authentication is aimed at helping consumers secure their accounts and at making
them aware of any possible hacking activity that might access their data without their
knowledge. Hackers often take simple steps such as stealing a password and modifying it,
and in these instances two-phase authentication plays an important role in providing basic
security. Even if someone sends a request to the server to change the password of an
account, the server sends a verification code to the registered mobile number. Only after
this code is entered successfully does the server allow the password of the associated
account to be modified, which provides security for consumer data such as the account
password; though this is at a very basic level, it is still important to consider.
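The password-change check described above, as an added Python example that is not part of the original report. It shows the controls that make the verification code meaningful: the code goes only to the number on file, expires, works once, and is voided after repeated wrong guesses. The class and function names, the in-memory `sms_outbox` standing in for an SMS gateway, the 5-minute expiry, the 3-attempt limit and the salted PBKDF2-HMAC-SHA256 password storage are assumptions of this example.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300           # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3         # wrong codes tolerated before the code is void (assumed)
PBKDF2_ROUNDS = 600_000  # work factor for the salted one-way password hash

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class PasswordChangeService:
    """In-memory stand-in for the server; sms_outbox replaces an SMS gateway."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.accounts = {}    # user -> {"mobile", "salt", "pw_hash"}
        self.pending = {}     # user -> {"code_hash", "expires", "attempts"}
        self.sms_outbox = []  # (mobile, code) pairs "sent" to registered numbers

    def register(self, user, mobile, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"mobile": mobile, "salt": salt,
                               "pw_hash": hash_password(password, salt)}

    def request_change(self, user):
        """Step 1: send a one-time code to the number already on file."""
        mobile = self.accounts[user]["mobile"]   # never taken from the request
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = {"code_hash": hashlib.sha256(code.encode()).digest(),
                              "expires": self.clock() + CODE_TTL, "attempts": 0}
        self.sms_outbox.append((mobile, code))

    def confirm_change(self, user, code, new_password):
        """Step 2: change the password only for a correct, fresh, unused code."""
        p = self.pending.get(user)
        if p is None:
            return False
        if self.clock() > p["expires"] or p["attempts"] >= MAX_ATTEMPTS:
            del self.pending[user]
            return False
        p["attempts"] += 1
        given = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(given, p["code_hash"]):
            return False
        del self.pending[user]                   # a code works once
        self.register(user, self.accounts[user]["mobile"], new_password)
        return True

    def check_password(self, user, password):
        acct = self.accounts[user]
        return hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw_hash"])
```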