SBM4302 Case Study: Analyzing NAB's Data Breach and Security Measures
VerifiedAdded on 2023/01/12
|8
|2459
|43
Case Study
AI Summary
This case study analyzes the data breach experienced by the National Australia Bank (NAB), focusing on the leakage of consumer data to unauthorized entities. The report provides an overview of the problem, detailing the sensitive information compromised, including names, dates of birth, and ...
Read More
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
CASE STUDY
ASSESSMENT
ASSESSMENT
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS
Table of Contents.............................................................................................................................2
INTRODUCTION...........................................................................................................................3
Overview of problem..................................................................................................................3
Common security issues auditor need to investigate..................................................................3
NAB’s response to breach of data...............................................................................................4
Information security measure needs to be adopted by NAB.......................................................4
Role of cloud computing in information security.......................................................................6
CONCLUSION................................................................................................................................7
REFERENCES................................................................................................................................8
Table of Contents.............................................................................................................................2
INTRODUCTION...........................................................................................................................3
Overview of problem..................................................................................................................3
Common security issues auditor need to investigate..................................................................3
NAB’s response to breach of data...............................................................................................4
Information security measure needs to be adopted by NAB.......................................................4
Role of cloud computing in information security.......................................................................6
CONCLUSION................................................................................................................................7
REFERENCES................................................................................................................................8
INTRODUCTION
Information security is referred to as protection of all the information and facts and
figures relating to the consumers or any other private or confidential information safe. This
safety is ensured that as this confidential information can be misused by other person and can
result in huge losses for the banks and other financial institution (Pattinson and et.al., 2017). The
present report is based over the National Australia Bank (NAB) which is the fourth largest bank
in Australia and was founded in 1982.
The current report will discuss about the security issues being faced by NAB in managing
the data of the consumers. Further the discussion will take place on the response of NAB on the
issues being faced by the bank in protecting the data. In the end the discussion will take place on
the role of cloud computing in the managing and securing the information and data.
Overview of problem
The problem faced by NAB was relating to the leakage of the data and personal
information of their consumers to some other company. The data of approximately 13,000
consumers was uploaded without the authorisation to the servers of two major data service
companies. This was the major problem or the issue being faced by NAB was the not handling of
the data of the consumer in effective and efficient manner. This data included the personal
information of the consumers like name of consumer, date of birth, contact details, government
issued identification number like driving licence and many other identity card details. After
admitting the mistake of the company the bank also apologised to the consumers for the
inconvenience and that mistreatment of data.
Common security issues auditor need to investigate
The security issues are defined as the issues being faced by the bank at time of managing
the data and information securely safe at the place. There are many different security issues
being faced by the bank when it comes to management of the data and personal facts and
information of the consumers. This is crucial and important for the auditors to make sure that all
these issues and problems are being identified at time of securing the data (Parsons and et.al.,
2017). The most common security issues being faced by auditors at time of investigation are as
follows-
Information security is referred to as protection of all the information and facts and
figures relating to the consumers or any other private or confidential information safe. This
safety is ensured that as this confidential information can be misused by other person and can
result in huge losses for the banks and other financial institution (Pattinson and et.al., 2017). The
present report is based over the National Australia Bank (NAB) which is the fourth largest bank
in Australia and was founded in 1982.
The current report will discuss about the security issues being faced by NAB in managing
the data of the consumers. Further the discussion will take place on the response of NAB on the
issues being faced by the bank in protecting the data. In the end the discussion will take place on
the role of cloud computing in the managing and securing the information and data.
Overview of problem
The problem faced by NAB was relating to the leakage of the data and personal
information of their consumers to some other company. The data of approximately 13,000
consumers was uploaded without the authorisation to the servers of two major data service
companies. This was the major problem or the issue being faced by NAB was the not handling of
the data of the consumer in effective and efficient manner. This data included the personal
information of the consumers like name of consumer, date of birth, contact details, government
issued identification number like driving licence and many other identity card details. After
admitting the mistake of the company the bank also apologised to the consumers for the
inconvenience and that mistreatment of data.
Common security issues auditor need to investigate
The security issues are defined as the issues being faced by the bank at time of managing
the data and information securely safe at the place. There are many different security issues
being faced by the bank when it comes to management of the data and personal facts and
information of the consumers. This is crucial and important for the auditors to make sure that all
these issues and problems are being identified at time of securing the data (Parsons and et.al.,
2017). The most common security issues being faced by auditors at time of investigation are as
follows-
Code injection- this is a type of issue where in the hackers exploit the vulnerabilities
within the application at time of inserting the codes. Here the hackers divert the system to plug in
the malicious codes which hacks the system of the consumer and they can take all the data
without the permission of the consumer or to whom the data belongs (Goodman, Straub and
Baskerville, 2016).
Data breach- this is another different types of issue being faced at time of investigation
which is caused by compromised credentials and also involves mis- configuration, malware, lost
hardware and many other issues. For preventing this investigator or auditor need to make good
use of data breach prevention practices. This can include many different things like employees
must be trained to use this system, use of encrypted SSL, permission of using all the software,
scanning of servers and many other practices.
Malicious insiders- this is another security issue being faced at time of the auditing or
investigation. This involves some of the employees within the company which may give access
to the outsider to use the data. This can include setting up of logical access control policies in
order to implement the principles of least privilege and monitoring of the transaction within the
business.
NAB’s response to breach of data
The response of NAB for the breach of data which was done by the bank was very good
and apologetic. This is majorly because of the fact that the bank knew that it was their mistake
and if they will not admit it then this may result in heavy losses and reduction in the consumer
base of the bank. This is majorly because of this breach of data the goodwill and reputation of
the bank declined as they were not able to manage the personal data and information of the
consumers.
For this the Chief Data Officer of the bank that is Glenda Crisp addressed to the public
that they agree that they were responsible for not keeping the data and personal information safe
and secure with the bank itself (Da Veiga and Martins, 2017). Thus, she took all the
responsibility over the name of the bank and because of this the consumer were not decreased to
a great extent as the the act of bank that is agreeing to the problem increased trust of the
consumers. Also, the bank asked the companies to delete the data within the time frame of two
hours.
within the application at time of inserting the codes. Here the hackers divert the system to plug in
the malicious codes which hacks the system of the consumer and they can take all the data
without the permission of the consumer or to whom the data belongs (Goodman, Straub and
Baskerville, 2016).
Data breach- this is another different types of issue being faced at time of investigation
which is caused by compromised credentials and also involves mis- configuration, malware, lost
hardware and many other issues. For preventing this investigator or auditor need to make good
use of data breach prevention practices. This can include many different things like employees
must be trained to use this system, use of encrypted SSL, permission of using all the software,
scanning of servers and many other practices.
Malicious insiders- this is another security issue being faced at time of the auditing or
investigation. This involves some of the employees within the company which may give access
to the outsider to use the data. This can include setting up of logical access control policies in
order to implement the principles of least privilege and monitoring of the transaction within the
business.
NAB’s response to breach of data
The response of NAB for the breach of data which was done by the bank was very good
and apologetic. This is majorly because of the fact that the bank knew that it was their mistake
and if they will not admit it then this may result in heavy losses and reduction in the consumer
base of the bank. This is majorly because of this breach of data the goodwill and reputation of
the bank declined as they were not able to manage the personal data and information of the
consumers.
For this the Chief Data Officer of the bank that is Glenda Crisp addressed to the public
that they agree that they were responsible for not keeping the data and personal information safe
and secure with the bank itself (Da Veiga and Martins, 2017). Thus, she took all the
responsibility over the name of the bank and because of this the consumer were not decreased to
a great extent as the the act of bank that is agreeing to the problem increased trust of the
consumers. Also, the bank asked the companies to delete the data within the time frame of two
hours.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information security measure needs to be adopted by NAB
When it comes to data and personal information of the consumer the threat of safety of
data arises automatically. Thus, it is very necessary for NAB to manage and keep the data and
information safe and secure within the bank. This is because this securing of the data of
consumers is very helpful for the banks to manage the data and keep it safe and secure ( Srinivas,
Das and Kumar, 2019). This safety and security is ensured because of the fact that if the data will
not be managed in proper manner then the personal information of the consumers can be misused
and many frauds can take place in name of the consumers. The major measures which can be
adopted by NAB in order to manage the issue of data breach in the bank are as follows-
Establishing strong passwords- this is the most important measure which can help in
managing the data of consumers. Under this method some strong password are set over the data
of consumer and till the password is not entered the information cannot be opened. The cracking
of the password is very hard as it is made up of 8 to 12 character which is set by the bank which
can include anything like number, character, alphabet and any other combination.
Installing of antivirus protection- this is another major measure which can be used by
NAB in order to manage the issue of data breach and issues relating to the protection of the data
and personal information. This includes installing of antivirus and anti- malware software within
the system so that no hacker can encrypt in any of the system and can hack the information in
that system.
Backup data at regular interval- this is also an important measure for the securing and
safety of the data. This is majorly because of the reason that this backing up of the data is very
essential for the bank as this backup can be used in case of nay emergency of contingent
situation. The proper backup in the external drives like, hard drive, pen drives, CD can be used
as a backup that is data stored in storage medium other than computers. This is helpful in case
when the system is hacked or is not working properly then the extra back up can be used.
Monitoring- this is also an important manual step which the employees of NAB can use.
This is a practice under which the employees within the bank are hired in order to maintain and
monitoring the data and its security manually (Guseva, 2017). This will ensure that the data is
protected in proper and effective manner which will make sure that the data is saved at a secure
and safe place.
When it comes to data and personal information of the consumer the threat of safety of
data arises automatically. Thus, it is very necessary for NAB to manage and keep the data and
information safe and secure within the bank. This is because this securing of the data of
consumers is very helpful for the banks to manage the data and keep it safe and secure ( Srinivas,
Das and Kumar, 2019). This safety and security is ensured because of the fact that if the data will
not be managed in proper manner then the personal information of the consumers can be misused
and many frauds can take place in name of the consumers. The major measures which can be
adopted by NAB in order to manage the issue of data breach in the bank are as follows-
Establishing strong passwords- this is the most important measure which can help in
managing the data of consumers. Under this method some strong password are set over the data
of consumer and till the password is not entered the information cannot be opened. The cracking
of the password is very hard as it is made up of 8 to 12 character which is set by the bank which
can include anything like number, character, alphabet and any other combination.
Installing of antivirus protection- this is another major measure which can be used by
NAB in order to manage the issue of data breach and issues relating to the protection of the data
and personal information. This includes installing of antivirus and anti- malware software within
the system so that no hacker can encrypt in any of the system and can hack the information in
that system.
Backup data at regular interval- this is also an important measure for the securing and
safety of the data. This is majorly because of the reason that this backing up of the data is very
essential for the bank as this backup can be used in case of nay emergency of contingent
situation. The proper backup in the external drives like, hard drive, pen drives, CD can be used
as a backup that is data stored in storage medium other than computers. This is helpful in case
when the system is hacked or is not working properly then the extra back up can be used.
Monitoring- this is also an important manual step which the employees of NAB can use.
This is a practice under which the employees within the bank are hired in order to maintain and
monitoring the data and its security manually (Guseva, 2017). This will ensure that the data is
protected in proper and effective manner which will make sure that the data is saved at a secure
and safe place.
Be careful at time of e-mail and surfing the web- this is also an important ensure to be
taken by NAB. This is majorly because of the reason that at time of email and surfing web there
comes many advertisements which may be given for hacking the data of the consumers. This is
because if the consumer will click on the advertisement then the data might be stolen and can be
misused (10 Data security measures you can’t do without, 2016). Thus, it is very necessary for
NAB employees and their consumers to effectively use the emails and surf the web in effective
manner. Hence, it is very necessary for the people to surf over internet with very carefully.
Educate the employees- this is another major measure which the National Australia Bank
can use in order to manage their safety and security of the data and personal information of the
consumers. This education is very necessary for the employees as there are many different types
of technology and system being developed in order to protect the data and personal information
of the consumers. But if these technologies are not understood by the employees in proper
manner then this will impact the protection of security to a great extent.
This is because if the person is not having proper knowledge of the technology then this
will be equivalent to some disaster. This is because of the reason that untrained employees
cannot handle the technology and because of their some silly mistake the data can be misused by
others. Hence giving proper education and arranging for training session is very necessary for
NAB in order to manage the issues relating to the data breach and misuse of data.
Role of cloud computing in information security
Cloud computing is referred to as a set of control which is based on the concept of
protection of technology and is designed in order to protect all the resources and data which is
stored online. This is a measure of security which is helpful for NAB in order to manage the
information security. This is majorly because of the fact that this cloud computing helps the
business in managing the data and all the other information at a single storage that is in the cloud
as their internal resources. This is very necessary because this help the company in identifying
the challenges which they face at time when they outsource the protection of data to some other
companies.
This is majorly because of the fact that sometime the company which is working on the
protection of the data of NAB can also misuse the data for their personal use or for any other
fraud or mistreatment of the data (Gupta, Agrawal and Yamaguchi, eds., 2016). Thus, the cloud
computing is a system wherein the NAB records all the data at a single platform that is the cloud
taken by NAB. This is majorly because of the reason that at time of email and surfing web there
comes many advertisements which may be given for hacking the data of the consumers. This is
because if the consumer will click on the advertisement then the data might be stolen and can be
misused (10 Data security measures you can’t do without, 2016). Thus, it is very necessary for
NAB employees and their consumers to effectively use the emails and surf the web in effective
manner. Hence, it is very necessary for the people to surf over internet with very carefully.
Educate the employees- this is another major measure which the National Australia Bank
can use in order to manage their safety and security of the data and personal information of the
consumers. This education is very necessary for the employees as there are many different types
of technology and system being developed in order to protect the data and personal information
of the consumers. But if these technologies are not understood by the employees in proper
manner then this will impact the protection of security to a great extent.
This is because if the person is not having proper knowledge of the technology then this
will be equivalent to some disaster. This is because of the reason that untrained employees
cannot handle the technology and because of their some silly mistake the data can be misused by
others. Hence giving proper education and arranging for training session is very necessary for
NAB in order to manage the issues relating to the data breach and misuse of data.
Role of cloud computing in information security
Cloud computing is referred to as a set of control which is based on the concept of
protection of technology and is designed in order to protect all the resources and data which is
stored online. This is a measure of security which is helpful for NAB in order to manage the
information security. This is majorly because of the fact that this cloud computing helps the
business in managing the data and all the other information at a single storage that is in the cloud
as their internal resources. This is very necessary because this help the company in identifying
the challenges which they face at time when they outsource the protection of data to some other
companies.
This is majorly because of the fact that sometime the company which is working on the
protection of the data of NAB can also misuse the data for their personal use or for any other
fraud or mistreatment of the data (Gupta, Agrawal and Yamaguchi, eds., 2016). Thus, the cloud
computing is a system wherein the NAB records all the data at a single platform that is the cloud
and this is stored internally within the system of company itself. Thus, there is no chance of
fraud or any other misusing of the data and this will keep all the data of the consumer safe and
secure.
The major role of cloud computing in the information security is the data masking which
is referred to as the encrypting all the identifiable information like name, personal information
like birth date, address and all other data of consumers. Another major role of the cloud
computing in the management of the NAB is the role of disaster recovery. This is the role which
is a major security protection of the data and the information of the consumers in order to
recover the data of the consumer in case they have lost the data or the data have been misused.
CONCLUSION
In the end it is summarised that the protection of data is very necessary as if the data will
not be kept secured in the bank then the consumer will lose interest within the bank. Thus, this
will result in decrease in the number of consumer and the sales and revenue of bank. Thus, the
present report first analysed the problem of NAB that is the giving of personal data of around
13000 consumers to their data service company.
Further it was highlighted that the major security issues being faced by the company are
like code injection, malicious insiders and many others. Further the different measures
recommended to NAB were discussed like educating the employees, back up the data and many
others. In the end the role of cloud computing like data masking, disaster recovery and so on was
discussed.
fraud or any other misusing of the data and this will keep all the data of the consumer safe and
secure.
The major role of cloud computing in the information security is the data masking which
is referred to as the encrypting all the identifiable information like name, personal information
like birth date, address and all other data of consumers. Another major role of the cloud
computing in the management of the NAB is the role of disaster recovery. This is the role which
is a major security protection of the data and the information of the consumers in order to
recover the data of the consumer in case they have lost the data or the data have been misused.
CONCLUSION
In the end it is summarised that the protection of data is very necessary as if the data will
not be kept secured in the bank then the consumer will lose interest within the bank. Thus, this
will result in decrease in the number of consumer and the sales and revenue of bank. Thus, the
present report first analysed the problem of NAB that is the giving of personal data of around
13000 consumers to their data service company.
Further it was highlighted that the major security issues being faced by the company are
like code injection, malicious insiders and many others. Further the different measures
recommended to NAB were discussed like educating the employees, back up the data and many
others. In the end the role of cloud computing like data masking, disaster recovery and so on was
discussed.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
REFERENCES
Books and Journals
Da Veiga, A. and Martins, N., 2017. Defining and identifying dominant information security
cultures and subcultures. computers & security. 70. pp.72-94.
Goodman, S., Straub, D.W. and Baskerville, R., 2016. Information security: policy, processes,
and practices. Routledge.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., 2016. Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI global.
Guseva, Y., 2017. Extraterritoriality of Securities Law Redux: Litigation Five Years after
Morrison v. National Australia Bank. Colum. Bus. L. Rev., p.199.
Parsons, K., and et.al., 2017. The human aspects of information security questionnaire (HAIS-
Q): two further validation studies. Computers & Security. 66. pp.40-51.
Pattinson, M., and et.al., 2017. Managing information security awareness at an Australian bank:
a comparative study. Information & Computer Security.
Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security:
Framework, standards and recommendations. Future Generation Computer Systems. 92.
pp.178-188.
Online
10 Data security measures you can’t do without. 2016. [Online]. Available through: <
https://www.entrepreneur.com/article/217484>
Books and Journals
Da Veiga, A. and Martins, N., 2017. Defining and identifying dominant information security
cultures and subcultures. computers & security. 70. pp.72-94.
Goodman, S., Straub, D.W. and Baskerville, R., 2016. Information security: policy, processes,
and practices. Routledge.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., 2016. Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI global.
Guseva, Y., 2017. Extraterritoriality of Securities Law Redux: Litigation Five Years after
Morrison v. National Australia Bank. Colum. Bus. L. Rev., p.199.
Parsons, K., and et.al., 2017. The human aspects of information security questionnaire (HAIS-
Q): two further validation studies. Computers & Security. 66. pp.40-51.
Pattinson, M., and et.al., 2017. Managing information security awareness at an Australian bank:
a comparative study. Information & Computer Security.
Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security:
Framework, standards and recommendations. Future Generation Computer Systems. 92.
pp.178-188.
Online
10 Data security measures you can’t do without. 2016. [Online]. Available through: <
https://www.entrepreneur.com/article/217484>
1 out of 8
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.