SBD403_Assessment 2_Brief_Report_Module Due 8 Page 1 of 8 Task Summary Individually, assess a selected event where a security system was attacked, and subsequently compromised (or survived the attack)...

The assessment should be on the 2011 attack on Sony's PlayStation Network. Please include in-text citations and 5-6 references. The 2500 words exclude any references.


SBD403_Assessment 2_Brief_Report_Module Due 8

Task Summary
Individually, assess a selected event where a security system was attacked, and subsequently compromised (or survived the attack) and with information related to the event examine, discuss, and break down the event. Issues that arose, and possible solutions to the issues should also be presented. The report should be around 2500-3000 words in length.

Context
Security (and the maintenance of security) is an issue that many companies have to consider, often constantly, in order to protect both corporate and user data, assets, and other general information. Breaches of this security have happened in the past, at many different levels. A breach often has many effects, affecting both the consumer and the company. The report you produce will assess your understanding and ability to break down instances of failure within the security space. With the provided case study and resources (as well as other material), you will demonstrate your understanding of complex issues - such as security breaches.

ASSESSMENT 2 BRIEF
Subject Code and Title: SBD403 - Secure by Design
Assessment: Report - System attack evaluation.
Individual/Group: Individual
Length: 2500-3000 Words.
Learning Outcomes: This assessment addresses the Subject Learning Outcomes outlined at the bottom of this document.
Submission: Due by 11:55pm AEST Sunday end of Module 8.
Weighting: 35%
Total Marks: 100 marks

This report should cover topics such as:
- An example of an SDL model, with appropriate justification and explanation as to why this model should have been followed (or was not followed) and how it would have affected the breach.
- The security level of the system at the time of the breach - both at a technical and practical level. Was the system updated regularly? Were users afforded all possible protections?
- How effectively risks were mitigated (or not mitigated) and how the company chose to safeguard against those risks.

Each of these points should be addressed in detail, as well as evaluated based on their respective successes or failures. You will write a report that also focuses on the positive response of a company, not just the negatives. For example, if the company proceeded in the best possible way (implementing new security procedures, creating two-factor authentication, etc.), the report can address the value of their actions, and not just areas that they underperformed in.

Task Instructions
This assessment requires you to investigate a case of your choosing (this will require approval from the facilitator, and you need to make sure it is ready for the facilitator to check before the module 6 meeting). You will also need to determine the base failures that led to the issues that the company faced. You will write a report that focuses on the following three areas:
- Key Failings - what went wrong, why did it go wrong, and whose responsibility was it? (A system may be responsible; it doesn’t necessarily have to be a person.)
- Immediate actions - what actions did the parties affected take, and how effective was their immediate response?
- Long-term changes - were there any visible changes from the company? If so, what were they, how effective were they, and how do they stack up against the core concepts covered in this module?

These three areas should cover approximately 75% of the overall report. The conclusion of the report should contain no less than 2 recommendations that you would make to the company - in line with existing secure by design principles - which you must justify as well. This conclusion and recommendation section should cover the remaining 25% of the paper.

You must directly gather information about the case that you have selected.
This is to ensure that you have all the information that you require in order to present your understanding and recommendations.

You will be assessed on the justification and understanding of the events that took place, as well as how well your recommendations follow Secure by Design principles, and how well they are argued. The quality of your research will also be assessed; you may include references relating to the case, as well as non-academic references.

Referencing
Referencing is essential for this assessment. A minimum of 10-12 references is required for this, including at least 8 academic sources. (An academic source is one that has been peer-reviewed). Your references will be evaluated for their relevance to the case study. Remember you must ensure that your arguments and justifications are based on sound reasoning and clear relevance. Ensure that you reference according to the appropriate APA style, for citing and referencing information, as well as all appropriate research sources. Please see more information on referencing here: http://library.laureate.net.au/research_skills/referencing

Submission Instructions
Submit your Assessment 2 Report via the Assessment link in the main navigation menu in SBD403 Secure By Design. Please name your file in the following format: Lastname_First initial_course code_assessment number, e.g., Smith_A_SBD403_A2. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.

Assessment Rubric
Assessment Attributes | Fail (Yet to achieve minimum standard) 0-49% | Pass (Functional) 50-64% | Credit (Proficient) 65-74% | Distinction (Advanced) 75-84% | High Distinction (Exceptional) 85-100%

Knowledge and understanding of Cyber Attack Reviewing, evaluation, and recommendation in a technical environment.
Percentage for this criterion = 40%

Fail (0-49%): Demonstrates a partially-developed understanding of Cyber attacks, with the following components:
- Incomplete or flawed assessment of the situation; little understanding or reasoning is shown.
- Understanding of the immediate actions taken is either not present or poorly explained; there is no explanation of the effect of those actions.
- There are either zero, very few, or poorly justified recommendations made regarding the presented situation.

Pass (50-64%): Demonstrates a functional knowledge of Cyber attacks and their response by
- Adequate assessment of the situation that occurred; some reasoning or understanding is provided.
- Understanding of the immediate actions is present, and discussed at a base level; some explanation of the effects of these actions is present.
- A few recommendations have been made, and justified to a small extent. Further consequences or evaluations of these are not considered.

Credit (65-74%): Demonstrates proficient knowledge of (Cyber attacks) by
- Accurately assessing the situation that occurred. Reasoning and understanding is provided. Some core contributors are highlighted and explained.
- Immediate actions are covered in some detail, and discussed to a mid-level. The effects of these actions are discussed, and flow-on effects are touched on.
- Some recommendations have been made, with justification and understanding provided. Some consequences of these recommendations are discussed, and some evidence is provided to support the recommendations.

Distinction (75-84%): Demonstrates advanced knowledge of (Cyber attacks) by
- Assessing the situation in detail. Reasoning, understanding, and justification of decisions (and result) is presented. Core contributors are highlighted and explained in detail.
- Immediate actions are completely covered, and discussed to a high level. The effects of these actions, as well as flow-on effects, are discussed in depth, with a particular focus on overall context.
- Recommendations are made, backed up with justification and understanding. Consequences of these recommendations are discussed in detail, with benefits against current systems being highlighted and explained with the supporting evidence.

High Distinction (85-100%): Demonstrates exceptional knowledge of (Cyber attacks) by
- Assessing the situation in complete detail. Reasoning, understanding and justification of decisions (and their results) are presented, analysed, and presented. Core contributors are highlighted and explained in complete detail.
- Immediate actions are detailed, and discussed both at a high level and with an understanding of context. The effects of these actions (and their flow-on effects) are presented and discussed in context as well.
- The recommendations in this report are of a high quality, and address the core issues behind the security breach. Benefits across the systems are highlighted and supported with clear evidence.

Evaluation of information selected to support the case study
Percentage for this criterion = 30%

Limited understanding of key concepts required to support the case study. Confuses logic and emotion. Information taken from reliable sources but without a coherent analysis or synthesis. Some sources may be unreliable at times. Resembles a recall or summary of key ideas. Often conflates/confuses assertion of core issues with information substantiated by evidence from the research/course materials. Supports information substantiated by evidence from the research/course materials. Demonstrates a capacity to explain and apply relevant concepts, in conjunction with using evidence to support these concepts. Discriminates between assertion of personal opinion and information substantiated by robust evidence from the research/course materials and extended reading. Well demonstrated capacity to explain and apply relevant concepts. Systematically and critically discriminates between assertion of issues present and information substantiated by robust evidence from both the research/course materials and extended reading. Information is taken from sources with a high level of interpretation/evaluation to develop a comprehensive critical analysis or synthesis.

Viewpoints of experts are taken as fact with little questioning, and source quality is narrow in scope. Analysis and evaluation do not reflect expert judgement, intellectual independence, rigor and adaptability. Viewpoints from experts are broader, with a few different perspectives. Identifies logical flaws in the systems, as well as explaining the seriousness of these flaws. Questions viewpoints of experts, as well as presenting different viewpoints of experts in an accurate manner. Viewpoint of experts are subject to questioning. Analysis and evaluation reflect growing judgement, intellectual independence, rigor and adaptability.
Answered 1 days After Apr 06, 2022, Torrens University Australia


Tanisha answered on Apr 08 2022
92 Votes
REPORT
            EVALUATION OF SONY PLAYSTATION CYBER ATTACK
Abstract
    The cyber attack on Sony PlayStation draws considerable attention to the theft of personal data in such a big digital world. The evaluation of such an attack shows the important points that are needed to safeguard people’s information and maintain a trustworthy relationship between the client and customers. We will focus on different parameters for security risks and further recommendations that can be followed for such security breaches.
Introduction
    Many organizations experience cyber security attacks when their systems are not under any proper security mechanisms. One such incident is that of April 2011, when Sony experienced a cyber attack on its online service known as PlayStation Network, which involved the loss of personal information such as credit card information etc. Sony estimated that losses were up to $171 million. We will research this crisis, finding the key points of success and failure regarding security breaches.
Sony PlayStation Case Overview
    Sony found itself in a security breach in April 2011, when executives noticed some abnormal activity on the PlayStation Network, with the exposure of customers’ credit card information and other private details. After the breach, Sony shut down the network, got to know about the hacking, and invested $170 million to cover the expenses of the stolen data. We will also focus on different models that can help us to understand the hacking case of Sony PlayStation.
Addressing the Crisis through Model Management
    We can say that a crisis can be labeled as an event where a compromise is made with regard to someone’s safety, or that of a community or customers, or any risk or threat that can tarnish the public trust in the organization. For such a crisis to be managed, there should be some model management that focuses more on preventing the crisis from happening, which is called the Anticipatory Model of Crisis Management (AMCM). AMCM was previously designed to address issues coming from technology used in an organization, but now it goes beyond technology and helps in evaluating crises in the organization. Currently, the AMCM assumptions consist of three measures: expectations, enactment and an act of control. Expectations deals with whether one takes proper measures given the likelihood of any mishap, enactment deals with the consequences that occur from the actions that lead to crisis, and the act of control deals with the degree of energy an organization has to handle the crisis. Here the act of control intertwines with expectations and enactment to such a level that expectations will have influence over the enactments, and the decisions made will exert influence over the crisis situation. These three measures are hierarchical in nature rather than mutually exclusive.
Key Failings
While using the AMCM, we basically use the case study as the common method. Regarding the case study of Sony PlayStation, examiners researched different news reports and used the logic of AMCM to check the assessment of the decisions made. There are four points that come up regarding the case. Firstly, Sony failed to provide information to customers about the breach and about the theft of credit card information until a week had passed since the incident. They believed that there was no theft of customers' financial information. Secondly, Sony did not shut down its network immediately, and thirdly, it accused one of the hacker groups inaccurately without any evidence. Fourthly, Sony provided a timeline to make things functional again, which was never met.
So, as per the AMCM, the expectation principle failed, as Sony did not provide immediate notification to customers regarding the theft of credit card information and the breach that happened. The enactment principle also failed, as Sony did not close the network although they knew the crisis was still happening, and the control principle failed, as it alone owns the network that should be closed if a crisis was going on.
Sony was able to control the security measures that could be taken during the breach, and its lack of an effective decision system compromised its public image as well as raising questions about its security mechanisms. When attackers demonstrated their intentions regarding the security breach, they mentioned that SonyPictures.com was owned by a very simple SQL injection, which is one of the basic vulnerabilities.
Sony blamed an anonymous group, as after the intrusion they found a file named anonymous on their servers. Further, it set up the timeline for restoring the network without doing an ample amount of investigation, and so it did not meet expectations.
Immediate Actions Enacted After the Intrusion
    Sony took a week after the crisis to work on the investigation. They realized that there should be some encryption mechanism in the security field. Apart from this, they set up the timeline for restoring the network. They used rigid protocols under the control of centralized structures to promote the event – response relationship.
Long Term Changes
AMCM mitigation principles for pre-crisis planning are followed. This will emphasize the identification and clarification of potential problem areas, with the inclusion of more training in risk management.
Most organizations cannot afford primitive methods for advanced technologies, as these do not meet societal expectations. Interaction through social media or any other outlets can help to get more opinions and allow faster and smarter decisions to be taken....