Security Audit & Recommendations for GambleBet - USQ CIS2005

Added on  2023/06/04

Presentation
AI Summary
This presentation outlines a security audit conducted for GambleBet, a fictitious company experiencing increasing fraud. The audit was initiated by a bank concerned about GambleBet's security practices and potential vulnerabilities. The presentation covers the background and problem analysis, highlighting how GambleBet's website may have been compromised, leading to customer credit card theft. It includes a threat analysis, ranking potential threats and vulnerabilities within the existing network infrastructure. Dependencies and critical success factors for completing the security audit are identified, focusing on policy compliance, risk assessment, and audit planning. The presentation concludes with a set of recommendations for improving GambleBet's security practices, such as implementing firewalls, encryption, TCP/IP protocol, COBIT compliance, establishing an IT security team, conducting regular audits, and using anti-virus software. The presentation references several academic sources to support its analysis and recommendations.
CRICOS QLD00244B NSW 02225M TEQSA:PRF12081
CIS2005 Assignment 3
Security Audit Presentation
Student Name (Student ID)
Student Name (Student ID)
S2 2018
Introduction
GambleBet has hired the third party ‘NetBest IT Service’ to manage and
deliver its IT operations, covering its entire operational activities.
GambleBet allows individuals to bet on sports under government-agreed
policies.
Background and Problem Analysis
o The third party ‘NetBest’ manages the network for GambleBet.
o The security policy has been signed off with regard to compliance with GambleBet's existing policies.
o The third party is responsible for assuring the security of the saved data and information.
o GambleBet's security has been compromised, and fraud is increasing exponentially every day; it needs to be controlled by certain measures.
Background and Problem Analysis
Under the agreement, the bank is entitled to take action, and it has
therefore appointed IT security specialists to:
o Review the security of GambleBet IT systems and applications
o Determine whether GambleBet is the source of the fraud
o If so, report on what can be done to mitigate security issues now and on an ongoing basis to minimise the likelihood of further fraud.
Background and Problem Analysis
Possible causes:
DoS attack
Website Defacement
Directory Traversal
Misconfiguration Attacks
Threat Analysis
Ranking of the audit
Universal Scoring of IT
Final Stage
Planned Audits
Application audits treasuring GambleBet
Provisioning audit or the SAP user access
The GambleBet data center security audit
NetBest system implementation audit
Availability of the resources and the audit hours
Dependencies and critical success factors
Identify the vulnerabilities within the existing network infrastructure
Policy compliance analysis
Possibilities of risk occurring
Audit planning
Analysis and finding of the risks
Final recommendations and countermeasures
Recommendations
Using Firewall
Encryption
TCP/IP protocol
COBIT compliance
IT team for managing the security
Regular audit
Anti-virus
List of References
Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Beberlein, L.T., Dias, G., Levitt, K.N., Mukherjee, B. and Wood, J., 2017. Network attacks and an Ethernet-based network security monitor.
Hossain, M.M., Fotouhi, M. and Hasan, R., 2015, June. Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.
Lin, I.C. and Liao, T.C., 2017. A Survey of Blockchain Security Issues and Challenges. IJ Network Security, 19(5), pp.653-659.
Loo, J., Mauri, J.L. and Ortiz, J.H. eds., 2016. Mobile ad hoc networks: current status and future trends. CRC Press.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC Press.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private communication in a public world. Pearson Education India.
Stallings, W., 2017. Cryptography and network security: principles and practice (p. 743). Upper Saddle River, NJ: Pearson.
Stojmenovic, I. and Wen, S., 2014, September. The fog computing paradigm: Scenarios and security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on (pp. 1-8). IEEE.
Zhao, N., Yu, F.R., Li, M., Yan, Q. and Leung, V.C., 2016. Physical layer security issues in interference-alignment-based wireless networks. IEEE Communications Magazine, 54(8), pp.162-168.
Thank You
Questions?