SIT763 Cyber Security Management: Red Cross Data Breach Analysis
Added on 2022/10/10

Running head: CYBER SECURITY MANAGEMENT
Cyber Security Management: Case Study: Australian Red Cross Blood Service data
breach: The value of good communications
Name of the Student:
Name of the University:

Executive summary
This report reflects the significance of using security risk assessment and business risk
assessment for securing information stored on the server of Australian Red Cross Blood Service,
a blood donation company. The economic costs that the blood donation company had to pay
include theft of corporate data, theft of personal information, loss in market revenue, etc. A
detailed security risk assessment and a business risk assessment are conducted in this paper.

Table of Contents
Security risk assessment
    Security risk assessment
    Threats and vulnerabilities
Business risk analysis
Summary

Security risk assessment
Security risk assessment
A data breach is an incident in which data or information is stolen or taken from a server
without the owners being informed. The real-life case study nominated for this cyber security
threat is the hacking of personal data held by Australian Red Cross Blood Service, an incident
that occurred in 2017. As per the Australian Information Commissioner’s report, Red Cross
Blood Service failed to secure the personal information it had collected. The case provides a
pointer to how data breaches can be treated using effective security laws and regulation.
The official website of Australian Red Cross Blood Service allows individuals to book
appointments for donating blood. The personal and financial data collected from the people
who booked appointments are stored on the company server or database. It is the duty of the
company owners to secure that information from external attackers and security breaches.
The different types of cyber attack that may affect the operational and functional features of
Australian Red Cross Blood Service include DoS attacks, phishing, spoofing, etc. The company
database contained the personal details of more than 550,000 prospective blood donors, who
had entered their details on the company website. The company also had backup files and a
disaster recovery plan for avoiding future data loss. All of the backup files were stored and
secured on the company's public-facing web server. To store all information the company used
a SQL database, which had directory listing enabled.
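The exposure described above, backup files kept on a public-facing web server with directory listing enabled, can be checked for on one's own server. The following is an added example, not part of the original report: the suffix list, the sample files and the Apache-style sample configuration are constructed, and the report does not say which web server software was in use.

```python
import tempfile
from pathlib import Path

# Suffixes that usually mark a database export or backup archive (assumed list).
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".bak", ".dump", ".tar.gz", ".zip")

# Constructed sample: an Apache-style block with directory listing switched on.
SAMPLE_CONFIG = """
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
"""

def listing_enabled(config_text):
    """Return the config lines that switch automatic directory listing on."""
    hits = []
    for line in config_text.splitlines():
        stripped = line.split("#", 1)[0].strip()      # drop trailing comments
        tokens = stripped.rstrip(";").split()
        if not tokens:
            continue
        key, args = tokens[0].lower(), {t.lower() for t in tokens[1:]}
        if key == "autoindex" and "on" in args:        # nginx directive
            hits.append(stripped)
        elif key == "options" and args & {"indexes", "+indexes", "all"}:  # Apache
            hits.append(stripped)
    return hits

def exposed_backups(web_root):
    """Return backup-like files under the web root, relative to it."""
    root = Path(web_root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.name.lower().endswith(BACKUP_SUFFIXES))

def audit(web_root, config_text):
    """Combine both checks into one finding with a coarse severity."""
    backups, listing = exposed_backups(web_root), listing_enabled(config_text)
    # A backup in the web root is retrievable by URL; a directory listing
    # additionally reveals its name to anyone who browses the folder.
    if backups and listing:
        severity = "critical"
    elif backups:
        severity = "high"
    elif listing:
        severity = "medium"
    else:
        severity = "ok"
    return {"backups": backups, "listing": listing, "severity": severity}

def demo():
    """Build a constructed web root holding a dump file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Book an appointment</h1>")
        (root / "backup").mkdir()
        (root / "backup" / "donors_db.sql").write_text("-- constructed dump\n")
        return audit(root, SAMPLE_CONFIG)

if __name__ == "__main__":
    print(demo())
```

Backups belong outside the document root, and the listing directive should be off (`Options -Indexes` in Apache, `autoindex off;` in nginx), so that each finding clears independently.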

The ongoing response processes of Australian Red Cross Blood Service were not
sufficiently secured. The response from the server side was faster, and after the risks were
identified the company temporarily closed its site and engaged technical experts for a
detailed server analysis.
Threats and vulnerabilities
There are differences between security threats, risks and vulnerabilities. IT-based
threats and vulnerabilities are divided into categories: environmental, site support,
technical and physical. For this nominated real-life case, the risks that negatively
impacted the functional activities of Australian Red Cross Blood Service are technical. The
technical threats and vulnerabilities that Australian Red Cross Blood Service faced,
according to its quarterly report, are as follows:
Inaccurate procedure: The analysis shows that foreseeable events in the company were
not supported by complete and accurate training and documentation.
Unauthorized hardware and modification: Regardless of the type, nature and size of a
company, while managing data all unauthorized hardware needs to be modified as per the
changing requirements. However, the company failed to adopt these changes, and as a result
data breaches occurred.
Hardware errors/failure: The quarterly report shows that during the ongoing project
progress period some hardware-level errors and major failures occurred. Those were addressed
and modified, but without specific technical support, and as a result the confidential data
were hacked.

Malicious software: The purpose of using software is to upgrade system performance,
but due to a lack of security specifications to prevent subversion, data stored on the server
were hijacked and misused as well.
Business risk analysis
Business risk analysis is a process used to identify, assess and prioritize different
potential business risks. Being competitive and financially strong is important for project as
well as company success. Maintaining cyber security is essential in any kind of business
process. If the project leaders and other associates fail to consider these aspects, an entire
project will fail to meet its objectives, goals and aims. It is the responsibility of the project
associates to identify proper technology measures and make sure that every integral aspect
in the workplace is followed. The business risks that may negatively impact the project
functionalities are as follows:
Data leak protection: One of the major cyber security risks or threats that may negatively
impact the business process is a lack of security for information. Considering customer
insights, proper security for personal information needs to be incorporated. If a number of
steps are not followed to protect these data, the entire business process can fail to meet its
objectives.
Ransomware protection: The other business process threat that may negatively impact
any company’s revenue model is a ransomware attack. Ransomware is a kind of malware that
encrypts plain business text into cipher text. There is a notion in business that using a
cloud server for storing data is safer than the alternatives. However, in order to protect data
from external attackers, business owners should make sure that all data are backed up in
multiple locations.

It is analyzed that Australian Red Cross Blood Service failed to follow these
specifications, and as a result the stored information was hacked by external attackers and
hijackers and misused as well.
Summary
From the above discussion it has been identified that Australian Red Cross Blood
Service is facing issues with information management. The company uses a SQL database for
storing data. The directory lists all personal and financial information of the people who
have entered their personal data on the server. Although the operational and functional
activities served by the company are effective, security specifications are still missing. To
secure information stored on the server, proper security measures such as encryption, an
application firewall and a DMZ are essential. In order to improve its security, the company
needs to adopt Australian standards for policy and technical security. The identified security
measures will allow only authenticated users to access information from the server.
