NAB Case Study: Information Security Measures and Cloud Computing
VerifiedAdded on  2023/01/12
|8
|2394
|35
Case Study
AI Summary
This case study analyzes the data breach incident at the National Australia Bank (NAB), focusing on the publication of customer information due to human error. It identifies key security issues an auditor must consider, including IT infrastructure vulnerabilities and employee training. The report discusses NAB's response to the breach, which included contacting affected customers and offering support. It also outlines essential information security measures like antivirus protection, firewalls, intrusion detection systems, and strong password policies. Furthermore, the case study explores the role of cloud computing in enhancing information security through data backups, innovation, collaboration, and improved security protocols. The conclusion emphasizes the importance of addressing data breaches and implementing robust security measures to protect customer information and maintain organizational integrity.
CASE STUDY
1
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
INTRODUCTION...........................................................................................................................3
Overview of Addressed problem............................................................................................3
Different security issue that an auditor has to consider..........................................................4
NAB response to data breaching............................................................................................5
Purpose of Information security measures.............................................................................5
Describe the role of cloud computing in Information Security..............................................7
CONCLUSION...............................................................................................................................7
REFERENCES................................................................................................................................8
2
INTRODUCTION...........................................................................................................................3
Overview of Addressed problem............................................................................................3
Different security issue that an auditor has to consider..........................................................4
NAB response to data breaching............................................................................................5
Purpose of Information security measures.............................................................................5
Describe the role of cloud computing in Information Security..............................................7
CONCLUSION...............................................................................................................................7
REFERENCES................................................................................................................................8
2
INTRODUCTION
Data breach is a confirmed incident in which sensitive, confidential or otherwise
protected data has been accessed and/or disclosed in an unauthorized fashion. National
Australia Bank is one of the four largest financial institutions in Australia in terms of market
capitalization, earnings and customers. This report highlights the main issue which is faced by
the organization. After that the report highlights the security concern in the organization and
different response of same in an organization. After that the report highlights different security
measure and how cloud computing can help company in safeguarding different information
breaching issue.
Overview of Addressed problem
Main problem which is seen by the organization is the publish of different customer information
in the market by human mistake. Information of different customer was uploaded by two
companies without any authorization company has contacted with different company has deleted
all the information which was uploaded on the portal. This has creates variety of issue and given
birth to variety of organizational problem for the company. As it has been identified that due to
same organization has to invest more resources toward promoting and contacting different
customer who’s data has wrongly promoted by the company this will increase the amount of
expenditure of the company in the market (Hadlington and et.al., 2019). This issue is not come
under data breaching issue as in this organization has not deliberately sold the information of
consumer to other interested party. At the same time this issue is also not comes under cyber
security reason behind the same is that bank has identified that this type of issue in the
organization was not occurred due to problem in the security software of the company, this issue
was occurred due to human mistake in the organization and organization are trying to make sure
that this type of mistake will not occur again in an organization (McCormac and et.al., 2017).
Another issue which was highlighted by case study was that to build as good as
infrastructure in the organization, as CEO has highlighted that building the infrastructure like big
four company in the organization will demand good amount of finance from the company but
company is not having that good amount of finance to build that sort of infrastructure, so it is
one of the biggest issue which is being faced by the company in the market.
3
Data breach is a confirmed incident in which sensitive, confidential or otherwise
protected data has been accessed and/or disclosed in an unauthorized fashion. National
Australia Bank is one of the four largest financial institutions in Australia in terms of market
capitalization, earnings and customers. This report highlights the main issue which is faced by
the organization. After that the report highlights the security concern in the organization and
different response of same in an organization. After that the report highlights different security
measure and how cloud computing can help company in safeguarding different information
breaching issue.
Overview of Addressed problem
Main problem which is seen by the organization is the publish of different customer information
in the market by human mistake. Information of different customer was uploaded by two
companies without any authorization company has contacted with different company has deleted
all the information which was uploaded on the portal. This has creates variety of issue and given
birth to variety of organizational problem for the company. As it has been identified that due to
same organization has to invest more resources toward promoting and contacting different
customer who’s data has wrongly promoted by the company this will increase the amount of
expenditure of the company in the market (Hadlington and et.al., 2019). This issue is not come
under data breaching issue as in this organization has not deliberately sold the information of
consumer to other interested party. At the same time this issue is also not comes under cyber
security reason behind the same is that bank has identified that this type of issue in the
organization was not occurred due to problem in the security software of the company, this issue
was occurred due to human mistake in the organization and organization are trying to make sure
that this type of mistake will not occur again in an organization (McCormac and et.al., 2017).
Another issue which was highlighted by case study was that to build as good as
infrastructure in the organization, as CEO has highlighted that building the infrastructure like big
four company in the organization will demand good amount of finance from the company but
company is not having that good amount of finance to build that sort of infrastructure, so it is
one of the biggest issue which is being faced by the company in the market.
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Different security issue that an auditor has to consider
There are many different type of issue which needs to be looked by auditor in context of
investigation. First think which has to be looked by the auditor is the IT infrastructure of the
company. As it has been find out in recent past it has been find out that technology is one thing
which used to support different hacker in the nation to perform variety of unlawful or data
breaching activity in the market. CEO of company has also highlighted that due to availability of
less amount of finance in the organization is not able to maintain the optimum quality of the
infrastructure which is demanded by today’s world. so NAB has to make sure that they used to
consider looking at the infrastructure of the company in the market, as it is providing support to
different hacker or interested party to use the same data in Lawfull manner in the organization.
Change management technique is the best technique through which this issue can be consider by
the company.
Another security which has to be considering by the organization is the training of
different employee in the organization. As it has been seen that security of the company is
generally look by the human resource of the company. So it very important for all the human
resource to have very good technical skill to maintain good security in an organization. So
organization has to make sure that they used to provide good sort of training to all employee in
the organization so that organization will able to maintain good human force in the organization.
This will eventually help the company in building and maintaining good sort of security in the
organization. As all employee will ready for future challenges which will be faced by them in
the market. In this report CEO of bank has also highlight that the reason behind this issue in the
organization was due to human mistake in the organization. Training of different employee can
be organized by the company, another way through which this issue can be reduced in the
organization is by providing proper guideline and roadmap to different employee through which
they can perform different activity in a way in the organization it will bring good amount of
clarity in the organization, this will eventually help the company in maintaining good amount of
security in the organization.
Another issue which is faced by the company in the market is maintaining confidentiality
of customer information in the market, so auditor has to make sure that they used to consider the
security of customer in the organization. As not maintaining this sort of thing in the Bank will
create variety of legal compliance in the market this will eventually impact the goodwill of the
4
There are many different type of issue which needs to be looked by auditor in context of
investigation. First think which has to be looked by the auditor is the IT infrastructure of the
company. As it has been find out in recent past it has been find out that technology is one thing
which used to support different hacker in the nation to perform variety of unlawful or data
breaching activity in the market. CEO of company has also highlighted that due to availability of
less amount of finance in the organization is not able to maintain the optimum quality of the
infrastructure which is demanded by today’s world. so NAB has to make sure that they used to
consider looking at the infrastructure of the company in the market, as it is providing support to
different hacker or interested party to use the same data in Lawfull manner in the organization.
Change management technique is the best technique through which this issue can be consider by
the company.
Another security which has to be considering by the organization is the training of
different employee in the organization. As it has been seen that security of the company is
generally look by the human resource of the company. So it very important for all the human
resource to have very good technical skill to maintain good security in an organization. So
organization has to make sure that they used to provide good sort of training to all employee in
the organization so that organization will able to maintain good human force in the organization.
This will eventually help the company in building and maintaining good sort of security in the
organization. As all employee will ready for future challenges which will be faced by them in
the market. In this report CEO of bank has also highlight that the reason behind this issue in the
organization was due to human mistake in the organization. Training of different employee can
be organized by the company, another way through which this issue can be reduced in the
organization is by providing proper guideline and roadmap to different employee through which
they can perform different activity in a way in the organization it will bring good amount of
clarity in the organization, this will eventually help the company in maintaining good amount of
security in the organization.
Another issue which is faced by the company in the market is maintaining confidentiality
of customer information in the market, so auditor has to make sure that they used to consider the
security of customer in the organization. As not maintaining this sort of thing in the Bank will
create variety of legal compliance in the market this will eventually impact the goodwill of the
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
company in the market and also will create wrong impact on the mindset of the consumer toward
the company in wrong run. So it is very important for the organization in maintaining good
security in context of different information related to customer satisfaction in an organization.
NAB response to data breaching
NAB has taken very good initiative to response to this issue in the organization, as
organization has decided to contact to all 13000 customer. This will increase the cost of the
company in long run but organization has considered customer relation above all other in an
organization (Peltier, 2016). This will provide all the customer a good sort of assurance in the
market that organization used to consider about them, also organization will able to reduce some
sort of uncertainty among employee in an market, as it has been find out that customer are
having thought that there data will be used in a wrong way by conveying all the customer that
their data was not used or taken by any other organization it will eventually help the company in
maintaining the same amount of relationship with customer in the market. At the same time
apologizing customer on contact will also bring variety of benefit.
Also it has been highlighted that if any individual or customer need to make any
document again due to data breaching activity it will eventually be funded by NAB in the
market. Also, any fraud if happen to customer in future due to this activity all the remedies of
this fraud will be born by organization in the nation, this has eventually pass on better image of
company.
Not only that organization is considering at improving the IT unit of the company by
looking at building more secure infrastructure of the company, so that this type of issue can not
occur in an organization again. This will also help the company in overcoming some of the
critics which are there for organization in current scenario
Purpose of Information security measures
Antivirus protection, it is one of the measure which need to be consider by organization to
overcome same kind of the issue in future. In this measure bank has to make sure that they have
installed antivirus software in all the system of the company in the market. Antivirus software
will help the bank in getting notification of any issue which is occurring in an organization, at
the same time this will also restrict different virus to enter into system. As virus are the bases on
5
the company in wrong run. So it is very important for the organization in maintaining good
security in context of different information related to customer satisfaction in an organization.
NAB response to data breaching
NAB has taken very good initiative to response to this issue in the organization, as
organization has decided to contact to all 13000 customer. This will increase the cost of the
company in long run but organization has considered customer relation above all other in an
organization (Peltier, 2016). This will provide all the customer a good sort of assurance in the
market that organization used to consider about them, also organization will able to reduce some
sort of uncertainty among employee in an market, as it has been find out that customer are
having thought that there data will be used in a wrong way by conveying all the customer that
their data was not used or taken by any other organization it will eventually help the company in
maintaining the same amount of relationship with customer in the market. At the same time
apologizing customer on contact will also bring variety of benefit.
Also it has been highlighted that if any individual or customer need to make any
document again due to data breaching activity it will eventually be funded by NAB in the
market. Also, any fraud if happen to customer in future due to this activity all the remedies of
this fraud will be born by organization in the nation, this has eventually pass on better image of
company.
Not only that organization is considering at improving the IT unit of the company by
looking at building more secure infrastructure of the company, so that this type of issue can not
occur in an organization again. This will also help the company in overcoming some of the
critics which are there for organization in current scenario
Purpose of Information security measures
Antivirus protection, it is one of the measure which need to be consider by organization to
overcome same kind of the issue in future. In this measure bank has to make sure that they have
installed antivirus software in all the system of the company in the market. Antivirus software
will help the bank in getting notification of any issue which is occurring in an organization, at
the same time this will also restrict different virus to enter into system. As virus are the bases on
5
which different hacker used to hack different information of company. So it is very important for
the company to have antivirus protection. Not only that organization has to make sure that they
used to update the antivirus software on timely basis, as almost all the antivirus used to come
with the license of 1-2 year. So organization has to make sure that they are always updated with
antivirus protection.
Another measure which has to be taken by the organization, as they have to build
firewall in the organization. This will eventually help the company in controlling internet traffic
coming and leaving your business. This will help the company in getting good sort of control
over the different data which has been transfer over internet for the company. As it has been find
out that all the hacker generally used to take help of internet to breach different data in an
organization. As it has been find out that all the hacker generally used to take help of internet to
hack different data of the customer from organization. So organization has to make sure that
they used to set up firewall in the organization. Also, organization has to make sure that they
used to establish strong password in the organization so that organization is able to safe different
data and confidential information of customer from the market.
Intrusion detection system: It is the types of network system which can be bring in the
organization to safeguard different information of customer or reducing the amount of
information breaching in the organization. There are two types of IDS which can be installed by
an organization. Host-based IDS, this system are generally installed on a particular important
machine and this used to make sure that different system used to match the particular set
baseline in market. It used to create data base of file signature system and also regularly check
current system files against their safe signature. Network based IDS is another measure which
need to be install by the organization, these system consist of a normal network sniffer running
in promiscuous mode (Safa, Von Solms and Furnell, 2016). This decision system used to sniffer
its attached to a database of known attack signature. For example, there might be a common
Web attack which may be containing the string /system32/cmd.exe? in the URL. The IDS
systems of an organization generally help company in will have a match for this in the database
and will alert the administrator, on the basis of which different decision can be made in an
organization.
6
the company to have antivirus protection. Not only that organization has to make sure that they
used to update the antivirus software on timely basis, as almost all the antivirus used to come
with the license of 1-2 year. So organization has to make sure that they are always updated with
antivirus protection.
Another measure which has to be taken by the organization, as they have to build
firewall in the organization. This will eventually help the company in controlling internet traffic
coming and leaving your business. This will help the company in getting good sort of control
over the different data which has been transfer over internet for the company. As it has been find
out that all the hacker generally used to take help of internet to breach different data in an
organization. As it has been find out that all the hacker generally used to take help of internet to
hack different data of the customer from organization. So organization has to make sure that
they used to set up firewall in the organization. Also, organization has to make sure that they
used to establish strong password in the organization so that organization is able to safe different
data and confidential information of customer from the market.
Intrusion detection system: It is the types of network system which can be bring in the
organization to safeguard different information of customer or reducing the amount of
information breaching in the organization. There are two types of IDS which can be installed by
an organization. Host-based IDS, this system are generally installed on a particular important
machine and this used to make sure that different system used to match the particular set
baseline in market. It used to create data base of file signature system and also regularly check
current system files against their safe signature. Network based IDS is another measure which
need to be install by the organization, these system consist of a normal network sniffer running
in promiscuous mode (Safa, Von Solms and Furnell, 2016). This decision system used to sniffer
its attached to a database of known attack signature. For example, there might be a common
Web attack which may be containing the string /system32/cmd.exe? in the URL. The IDS
systems of an organization generally help company in will have a match for this in the database
and will alert the administrator, on the basis of which different decision can be made in an
organization.
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Describe the role of cloud computing in Information Security
One of the biggest role which is played by cloud computing in the organization is that it
used to create the multiple backup of your data. It generally help the company in overcoming
variety of issue related to information breaching that is system shutdown, disaster, brute force
attack etc. This is generally beneficial when dealing with large amount of data in the
organization. Another role which is played by Cloud computing is that it will help them in
bringing good sort of innovation and creativity in an organization. Cloud computing generally
used to allow different files to accessed from any place and at any tome. Also cloud computing
used to help the company in ensuring optimum delegation of authority in an organization.
Overall it used to help the company in creating the atmosphere of collaborating and will also
help the company in building good sort of security in the team atmosphere. Also cloud
computing used to better collaboration in the organization this eventually used to reduce the
amount of security concern in the organization in long run (Soomro, Shah and Ahmed, 2016).
CONCLUSION
After going through the report it has been summarized that data breaching is the issue faced
by the organization. After that report concludes three security measure which need to consider
by the organization. After that report summarizes different response of company and different
measure through which it can be improved in the organization. In the end report summarized the
way through which organization can use cloud computing in the organization to safeguard
information breaching.
7
One of the biggest role which is played by cloud computing in the organization is that it
used to create the multiple backup of your data. It generally help the company in overcoming
variety of issue related to information breaching that is system shutdown, disaster, brute force
attack etc. This is generally beneficial when dealing with large amount of data in the
organization. Another role which is played by Cloud computing is that it will help them in
bringing good sort of innovation and creativity in an organization. Cloud computing generally
used to allow different files to accessed from any place and at any tome. Also cloud computing
used to help the company in ensuring optimum delegation of authority in an organization.
Overall it used to help the company in creating the atmosphere of collaborating and will also
help the company in building good sort of security in the team atmosphere. Also cloud
computing used to better collaboration in the organization this eventually used to reduce the
amount of security concern in the organization in long run (Soomro, Shah and Ahmed, 2016).
CONCLUSION
After going through the report it has been summarized that data breaching is the issue faced
by the organization. After that report concludes three security measure which need to consider
by the organization. After that report summarizes different response of company and different
measure through which it can be improved in the organization. In the end report summarized the
way through which organization can use cloud computing in the organization to safeguard
information breaching.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
REFERENCES
Books and Journals
Safa, N. S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. computers & security. 56. pp.70-82.
Peltier, T. R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2). pp.215-225.
McCormac, A and et.al., 2017. A reliable measure of information security awareness and the
identification of bias in responses. Australasian Journal of Information Systems, 21.
Wiley, A., McCormac, A. and Calic, D., 2020. More than the individual: Examining the
relationship between culture and Information Security Awareness. Computers &
Security, 88, p.101640.
Bada, M., Sasse, A. M. and Nurse, J. R., 2019. Cyber security awareness campaigns: Why do
they fail to change behaviour?.arXiv preprint arXiv:1901.02672.
Hadlington, L. and et.al., 2019. Exploring the role of work identity and work locus of control in
information security awareness. Computers & Security. 81. pp.41-48.
8
Books and Journals
Safa, N. S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. computers & security. 56. pp.70-82.
Peltier, T. R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2). pp.215-225.
McCormac, A and et.al., 2017. A reliable measure of information security awareness and the
identification of bias in responses. Australasian Journal of Information Systems, 21.
Wiley, A., McCormac, A. and Calic, D., 2020. More than the individual: Examining the
relationship between culture and Information Security Awareness. Computers &
Security, 88, p.101640.
Bada, M., Sasse, A. M. and Nurse, J. R., 2019. Cyber security awareness campaigns: Why do
they fail to change behaviour?.arXiv preprint arXiv:1901.02672.
Hadlington, L. and et.al., 2019. Exploring the role of work identity and work locus of control in
information security awareness. Computers & Security. 81. pp.41-48.
8
1 out of 8
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.