Network Management Security Report for Superb Gift Company

Verified

Added on 2023/06/03

AI Summary

This report provides a comprehensive network security assessment for the Superb Gift Company, evaluating the organization's IT systems, including its mail catalog, website, finance, marketing, logistics, and payment systems. The assessment identifies key vulnerabilities such as SQL injection, cross-site scripting, malware, denial-of-service attacks, and vague policies. It analyzes potential threats like impersonation, system failures, hackers, and natural disasters. The report also conducts risk assessments, considering customer, business, human, and legal risks. It includes an impact analysis of various risks and provides recommendations to mitigate identified vulnerabilities and threats, aiming to improve the company's overall security posture and align with ISO 27001 standards. The assessment considers the implications of the company's recent acquisition by a Chinese distribution company and its expansion into East Asia, highlighting legal and regulatory vulnerabilities.

Network Management Security 0
NETWORK MANAGEMENT SECURITY
By Name
Course
Instructor
Institution
Location
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Network Management Security 1
Table of Contents
2 Introduction..............................................................................................................................2
2.1 Objective...........................................................................................................................2
2.2 Scope.................................................................................................................................3
2.3 Limitation..........................................................................................................................3
3 IT systems characterization......................................................................................................3
3.1 Mail Catalogue System.....................................................................................................3
3.2 Website..............................................................................................................................4
3.3 Finance System.................................................................................................................4
3.4 Marketing system..............................................................................................................4
3.5 Logistics and Distribution.................................................................................................5
3.6 Payment System................................................................................................................5
4 VULNERABILITY ASSESSMENT.......................................................................................6
4.1 Vulnerability Identification...............................................................................................6
4.1.1 Website weaknesses...................................................................................................6
4.1.2 Payment vulnerabilities.............................................................................................7
4.1.3 Network Vulnerabilities.............................................................................................7
4.1.4 Vague Policies...........................................................................................................7
4.1.5 Lack of CIRT.............................................................................................................8
4.1.6 Legal vulnerabilities..................................................................................................8
4.1.7 Data Duplication........................................................................................................8
4.2 Assessment........................................................................................................................9
Website weaknesses.................................................................................................................9
5 Threat Assessment.................................................................................................................12
5.1 Threat Identification........................................................................................................12
5.1.1 Impersonification.....................................................................................................12
5.1.2 System Failures........................................................................................................12
5.1.3 Hackers....................................................................................................................13
5.1.4 DDOS......................................................................................................................13
5.1.5 Insider Jobs..............................................................................................................13
5.1.6 Natural Disaster.......................................................................................................13

Network Management Security 2
5.1.7 Malware...................................................................................................................14
5.1.8 Government Regulations.........................................................................................14
5.2 Threat Assessment..........................................................................................................14
6 Risk Assessment....................................................................................................................17
6.1 Risk Identification...........................................................................................................17
6.1.1 Customer risks.........................................................................................................17
6.1.2 Business failure risks...............................................................................................17
6.1.3 Human risks.............................................................................................................17
6.1.4 ICT Systems and Application..................................................................................18
6.1.5 Legal risks................................................................................................................18
6.1.6 Administrative risks.................................................................................................18
6.2 Risk Analysis..................................................................................................................19
6.3 Impact analysis................................................................................................................20
6.3.1 Human Risks............................................................................................................21
6.3.2 Systems and Applications........................................................................................21
6.3.3 ICT Infrastructure....................................................................................................21
6.3.4 Customer risks.........................................................................................................21
6.3.5 Stock and Inventory.................................................................................................22
6.4 Risk Associated with Law...............................................................................................22
7 overall risk determination......................................................................................................23
8 Control Analysis....................................................................................................................25
9 CONCLUSION......................................................................................................................27
10 Recommendations..................................................................................................................28

Network Management Security 3
1 INTRODUCTION
This risk assessment is conducted for the Superb Gift company in order to have a report on
the assessment of the various risks that can potentially harm the organization. A detailed
vulnerability report is included in the report to point put key weaknesses in the company that can
potentially harm the organization not only in terms of its reputation but also its ability to deliver
its services as prescribed in the service charter. Various threats and threat agents have also been
identified in the report to gauge their impact level when they exploit the vulnerabilities. To make
the recommendations, the vulnerabilities, threats were assessed to determine the risk they portray
to company’s assets and processes (Jones, 2010).
To better conduct the assessment, the ISO 27001 standard on information security
management systems was used as a baseline to identify risk through assessment of vulnerabilities
in the company that does not conform to the security management systems process and practices.
The objective of this reports is as explained below
1.1 OBJECTIVE
i. Identification of exposures within the company that makes the company have risks in
the Information security
ii. Identification of key vulnerabilities in the company
iii. Identification of threats and threat agents that can exploit vulnerabilities in the
company
iv. Provide key recommendation to the company to manage the risks

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Network Management Security 4
1.2 SCOPE
The risk assessment shall only rely on the information about the Superb company as
prescribed in the case study give. The risk assessment is conducted using the ISO 27001
standard guidelines on information security management system detailing how to plan
processes that are meant to deploy and manage security systems to safeguard information
assets of the company.
1.3 LIMITATION
The risk assessment did not go into the nitty-gritty of an audit report and focus only on the
risk assessment based on the case study give and proposed recommendations to help
reduce the risk to manageable levels.
To begin the risk assessment, it is vital to identify the various IT systems. This is as shown
below

Network Management Security 5
2 IT SYSTEMS CHARACTERIZATION
To correctly identify risks, it is vital to identify the various systems and applications that are
critical for the functioning of Superb Gift. The first line of protection against unfavorable
uncertainties is to know yourself (Anie, 2011). This involves scrutinizing the key technology
assets to identify the vulnerabilities in them which shall make the design of control much
effective. The key system in the Superb Gifts is explained below,
2.1 MAIL CATALOGUE SYSTEM
The mail order system contains a catalog of the various Gifts that the company sells. Customers
can view the itemized lists of the gift to buy and make an order through the ordinary mail. Once
the mail is received after some time, the company sends acknowledgment note to the mailer on
the order status. The order is then dispatched to the mailer address together with an invoice for
demanding payments (Szóstek, 2011).
2.2 WEBSITE
The Superb Gifts own a website which again acts as a secondary place where customers can hunt
for the gifts they seek to purchase. The website has a digital catalog of the key gifts that the
company sells. Clients check in the gifts and make orders online for the goods they seek. Once a
potential buyer finds the good he/she seeks, the checkout process where they make payments
using PayPal and credit and or debit cards (Garrido, Sullivan and Gordon, 2010).
2.3 FINANCE SYSTEM
The finance system which is mainly used for accounting purposes such as accounting the
payments from the buyers of the Gifts. The employees also get their systems tied to the finance

Network Management Security 6
system since all the payroll information get accounted from it. This makes the system very key
for the company as it contains critical company and employees’ financial information such as
bank account details (McGuire et al., 2008).
2.4 MARKETING SYSTEM
The marketing system is used to send customized advertisement and coupons to potential
customers. The data is mined from the users who sign up on the website. The big data analysis
ensures there is a high success ratio for the targeted marketing strategies that the company use.
The physical marketing offices are located far away in Bristol hence employees always connect
remotely to the other colleagues in other branches.
With the buyout by the Chinese corporation, new systems will be integrated to ensure smooth
operations (Batchu, Mishra and Rege, 2014).
2.5 LOGISTICS AND DISTRIBUTION
The logistics and distribution of Superb Gift are hosted in the physical depot in South Wales
where the inventory and internal logistics is hosted to facilitate the process of goods transfer.
Once the order has been authenticated at the administration in Bristol, the dispatch order get
processed at the depot where information such as customer shipping address is entered into the
consignment form filled in three copies, once for the depot, the other for driver and the
remaining will be issued to the customer upon receipt of goods and validate they are what he/she
ordered and that the goods are in good shape without any physical damages (Whitman and
Mattord, 2013)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Network Management Security 7
2.6 PAYMENT SYSTEM
This represents the check-out systems that the company use to facilitate the transfer of money
from the buyer to the company. The company has adopted three payment methods which include
the use of PayPal online money transfer, the use of credit card and also have the option for the
use of credit card to make purchases. All the systems require a secure environment to ensure the
seamless transfer of money to clear the invoices. It is therefore critical for the company to ensure
customer confidential don’t get preyed by hackers, rogue employee or competitor seeking to
tarnish the name of the company (Laurila et al., 2012).

Network Management Security 8
3 VULNERABILITY ASSESSMENT
To critical put the risks identification procedure into perspective, the identification of various
vulnerabilities and threats that can potentially exploit the vulnerabilities is important to be
identified and documented. Best on the documentation case study, assessment focused on the
vulnerabilities identifications first (Shabtai et al., 2010).
3.1 VULNERABILITY IDENTIFICATION
Vulnerabilities represent weaknesses that may be present in a company processes and
procedures. They are key to be identified to ensure the company plan on how to set up controls
for the same and reduce the risks of them being exploited by threats agents. The key
vulnerability identified is explained below(Stonebraker et al., 2013)
3.1.1 Website weaknesses
The Suberb Gift process order via their website which represents a catalog of all the products
being sold by the company with their corresponding prices. The following vulnerabilities exist in
the Superb website,(Agbabian, 2008)
3.1.1.1 SQL Injections
The website has a weakness its configuration of form data processing hence can potentially fell a
victim of SQL injection attacks whereby a user can potentially run codes directly into the
database

Network Management Security 9
3.1.1.2 Cross-site scripting
XSS vulnerabilities are identified in the website configuration of Superb Gift as it can potentially
allow a user run backed scripts into the non-sanitized front-end forms and wreak havoc in the
company website and even drop a whole database.
3.1.2 Payment vulnerabilities
The payment methods adopted by Superb Gift increases the risk of user data being compromised
an. Cybercriminals can spoof user details and send a malicious email containing a verification
code to PayPal user's email. This tricks the user and when he/she click the link in the email,
increases the risk of the account being compromised. Such vulnerabilities can seriously affect the
performance of the company when exploited by sophisticated hackers(Puhakainen and Siponen,
2010).
3.1.3 Network Vulnerabilities
The Superb Gift is exposed to a lot of vulnerabilities in their network. By virtue of being an e-
commerce site, several vulnerabilities can be in existence in their internal networks which can be
disastrous when exploited (Ramgovind, Eloff and Smith, 2010a). The following represent such
vulnerabilities
3.1.3.1 Malware
Malicious software can be wandering around in the company network looking for victims to
deliver their payloads. This is attributed due to the fact that the company lacks a well-structured
procedure to patch their programs and systems hence leaving them very much vulnerable to
exploitation by threat agents (Murugesan, 2008).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Network Management Security 10
3.1.3.2 Denial of Service
The configuration in the company's server is so much vulnerable to attacks such as DDOS. The
servers are not propelling protected by a firewall to properly manage the traffic to and from the
network hence making it susceptible to DDOS attacks. This is a serious vulnerability that can
very much bring down the company’s server when exploited (Liu et al., 2013).
3.1.4 Vague Policies
The company has a defined policy for various processes and procedures. It is however noted that
the depth of the policy and their vagueness presents a weakness in the ability of the employees
and other stakeholders to fully comply with it as there are many assumptions presented in many
clauses. This makes violation to be easy as there are always arguments to make against the
policy. This vulnerability presents legal and ethical vulnerabilities for the company in its ability
to enforce its policies (Michaud and Michaud, 2008).
3.1.5 Lack of CIRT
The company has not set up computer incidence response teams whose responsibility should be
dealing with incidences that emancipate from cybersecurity threats which has been affecting the
company from time to time. Lack of properly functioning CIRT makes the company operations
very much vulnerable to cyber-attacks as no administrative and technical procedure is in place to
respond to them effectively and efficiently within the least time to minimize total downtime
(Silver et al., 2014).
3.1.6 Legal vulnerabilities
The much-hyped buyout of the company to the large Chinese multinational distribution company
who operates globally and now plan to expand their customer base to East Asia. This makes the

Network Management Security 11
merger to be legally vulnerable as several regulatory frameworks will hinder the expansion.
Every region of the world has set up irreducible minimums to companies and corporation
seeking to expand their customer base to such territories. The European Union, for example, has
defined and enforced the General data protection regulation(GDPR) which provides the
framework for companies operating in the European Union to follow. The extension to East
Asia, therefore, presents inconsistency with the GDPR as the East Asian is not a signatory to the
GDPR. This makes the consumer and customer data to be very likely to exposed to third parties
for profit (Laudon and Laudon, 2015).
3.1.7 Data Duplication
With the ongoing hyped about the Chinese buyout, it is inevitable that the employee data must be
migrated to the Chinese server to ensure smooth buyout. This presents a weakness as such
matters as data duplication might arise due to the bad configuration in the database. Such
employees can make the company risks losing its capital due to the payment of ghost worker
(Scarfone and Souppaya, 2009).
3.2 ASSESSMENT
The above-aforementioned vulnerabilities are analyzed and assessed to gauge their level and
impact it could have on the company when exploited. This is summarized in the matrix below,
Vulnerability Vulnerability Statement Level