CSI2102 Information Security of Dance Club Assessment 2 Answer
Unit Code: - CSI2102
Unit Title: - Principles of Information Security
Assignment Title: - Assignment 2:
The present scenario relies heavily on a distribution scheme that ensures the security and integrity of the Dance Club. The recommendations use a distinct model to work out what needs to be implemented or altered in order to achieve the classification of information security. In this assignment we have gone through the case study. Security is one of the challenges for this Dance Club. The report concerns the security of "The Dance Club" (All Stars Dance), which is managed by six staff and has 200 registered members. The club operates in a dance room on the second floor of a three-storey building and runs in the evenings between 6pm and 10pm. On site there are two networked computers and a printer, all connected to the internet. New members join the club by registering online on the web portal of the club's website. In this report we identify each asset and its weightage score, and we estimate the impact on the business of losing each asset. The club's website runs on an open-source CMS, and securing the web portal against threats is the most challenging task, because attackers commonly steal data through the web portal. An SQL injection vulnerability affects any web portal that stores its data in an SQL database: the attacker supplies input that the application splices into a query, so the database executes the attacker's SQL statements.
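The injection described above, shown as an added example that is not part of the original report and not code from the club's CMS. It assumes a member-lookup query such as a CMS plug-in might run; the table, its rows and the attacker's input are constructed here so the script runs offline.

```python
# Added example (not from the report or the club's CMS): the member-lookup
# query of a portal built on an SQL-backed CMS, first written with string
# formatting (injectable) and then with a bound parameter. The members
# table, its rows and the attacker's input are all constructed for the demo.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory members table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)"
    )
    conn.executemany(
        "INSERT INTO members (email, plan) VALUES (?, ?)",
        [
            ("alice@example.com", "monthly"),
            ("bob@example.com", "annual"),
            ("carol@example.com", "casual"),
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Injectable: the user-controlled value becomes part of the SQL text."""
    sql = f"SELECT id, email, plan FROM members WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Hardened: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT id, email, plan FROM members WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Constructed attacker input: closes the string literal and appends a
# tautology, so the WHERE clause of the vulnerable query matches every row.
INJECTION = "x' OR '1'='1"


def demo() -> dict:
    """Row counts returned for a legitimate email and for the injection."""
    conn = make_db()
    return {
        "legit_vulnerable": len(lookup_vulnerable(conn, "alice@example.com")),
        "legit_safe": len(lookup_safe(conn, "alice@example.com")),
        "attack_vulnerable": len(lookup_vulnerable(conn, INJECTION)),
        "attack_safe": len(lookup_safe(conn, INJECTION)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

With the injected input the formatted query returns all three members, while the parameterised query treats the whole string as a literal email address and returns nothing; the fix is the same whatever the CMS language, because it moves the value out of the SQL text entirely.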
Information Security assessment and recommendation
- The web portal and its CMS
There are various methods for keeping the web portal and its content management system (CMS) secure. The steps are discussed below:
- Vulnerability: There are many methodologies by which a CMS can be secured. Secure coding practice is certainly the logical first step; this is an area that has been studied for many years, and there is no shortage of expert insight on improving web application security. Threat modelling should be used to establish clearly what the application is meant to do, how it works, and where vulnerabilities are most likely to exist. Static analysis follows the logic of code that is not running, looking for flaws in data handling and in the algorithms, before the application is built for production. ("SANS Institute: Reading Room - Data Loss Prevention", 2019)
- Below are a few rules for making the security of the website strong:
- Select your plug-ins wisely.
- Apply updates with urgency.
- Always choose your CMS with both security and functionality in mind.
- Track every change made to the source code.
- Always use strong passwords.
- Limit the types of file that can be uploaded to non-executable types, and monitor uploads closely.
| System Components | Asset Components | Risk Management Components |
Weightage Factor Analysis
Weightage factors have been chosen to give a numerical value to each asset's impact on the Dance Club. The first criterion is based on payments to third parties and employees; the second on the maintenance cost of keeping the club attractive to customers; the third on the cost of minimising unnecessary expenses for the club. (Whitman, M.E. and Mattord, H.J. (2012))
| Asset | CR 1: Impact on Expenses | CR 2: Impact on Maintenance | CR 3: Cost to Minimize | Weightage Score |
|---|---|---|---|---|
| Employees ID Cards | | | | |
| Employees Bank Acc Details | 0.3 | 0.2 | 0.6 | 39 |
| Membership Plan Records | 0.4 | 0.5 | 0.2 | 35 |
| Members Email Records | 0.2 | 0.4 | 0.1 | 22 |
| Next Coming Event Details | 0.3 | 0.5 | 0.6 | 48 |
| Employees Access Procedures | 0.4 | 0.3 | 0.6 | 45 |
| Equipment Access Procedures | 0.5 | 0.7 | 0.6 | 60 |
| Data Maintenance Policy | 0.1 | 0.3 | 0.2 | 20 |
| Online Payment Systems | 0.1 | 0.5 | 0.6 | 42 |
Schema Classification of Assets
A classification schema is a technique for grouping the information to which the schema is applied. The Dance Club is a small business, so the amount of information stored by the organisation is small. The three-level classification schema applied to the assets is explained below.
- Internal: Carrying printed material into the Dance Club should be banned; if any member carries printed material, it must first be cleared by club staff.
- Public: Any information posted on the web portal must go through a clearance process by the Dance Club management, which must follow strict rules to ensure that sensitive information is not released.
- Confidential: Database storage systems are the most sensitive of all the information types. They must be configured securely from the start and backed up to a secure location.
| Classification Category | Description | Marking | Admin Controls | Distribution | Disposal |
|---|---|---|---|---|---|
| Internal | Information shared inside the organisation, with small impact on the public | Internal | No admin control | Employees only | No action necessary |
| Public | Information shared with the public | Public | No admin control | Public and employees | No action necessary |
| Confidential | Private and secret information about employees | Confidential | Authentication required to control this category | Only those associated with management | Both hard-copy and digital-device copies must be shredded/destroyed |
Asset Threat Identification
Risk Impact (Likelihood x Impact Matrix)
Risk management is one of the important parts of any organisation, and an aware administrator needs to know about these types of risk. To prioritise risks effectively, the majority of time and effort should go to the most important risks. A risk always has a negative impact, but the size of that impact varies with its effect on health, time, human life and other factors. The likelihood and impact factors for each asset are given below.
| Asset Details | Classification | Threat | Vulnerability | Counter Measures | Likelihood | Impact | Risk Rating | Control Process |
|---|---|---|---|---|---|---|---|---|
| Employees ID Cards | Internal | Details extortion | Weak employee training | Should give best training | 2 | 4 | 17 | Defend |
| | Internal | Information extortion | Weak software management | Should give best training | 3 | 2 | 15 | Defend |
| | Public | Human error | Lack of training | Give proper information | 3 | 3 | 12 | Defend |
| Business Partners | Public | Human error | Information loss | Give proper information | 4 | 2 | 16 | Defend |
| Clients | Public | Information extortion | Information loss | Share proper information | 3 | 3 | 14 | Defend |
| Employees Records | Internal | Theft | Weak employee training | Training should be at a high level | 3 | 3 | 17 | Accept |
| Employees Bank Acc Details | Confidential | Theft | Poor software training | Train and give information | 3 | 4 | 18 | Defend |
| Membership Plan Records | Confidential | Theft | Software issue | Deliver proper information | 2 | 3 | 6 | Defend |
| Members Email Records | Confidential | Theft | Software issues | Proper training required | 3 | 2 | 8 | Defend |
| Next Coming Event Details | Public | Extortion | Weak employee training | Employees need training | 4 | 1 | 3 | Defend |
| News Update | Public | Human error | Weak employee training | Employees need proper training | 4 | 3 | 10 | Defend |
| Employees Access Procedures | Internal | Human error | | Training required | 1 | 1 | 11 | Defend |
| Equipment Access Procedures | Internal | Technology issues | Poor software training | Always keep up to date | 1 | 4 | 8 | Accept |
| Data Maintenance Policy | Internal | Software issues | Weak software training | Always keep up to date | 2 | 2 | 5 | Defend |
| Access Point | Internal | Theft | Technology failures | Give technology training | 3 | 1 | 3 | Accept |
| Printer | Internal | Theft | Hardware failures | Always maintain it | 4 | 4 | 12 | Accept |
| Biometric Device | Confidential | Technology problem | Hardware failures | Always update the technology | 3 | 3 | 12 | Accept |
| Web Portal | Public | Software attacks | Software | Antivirus and software security | 4 | 1 | 16 | Defend |
| Online Payment Systems | Public | Software issue | Poor software training | Software handling with a good trainer | 5 | 3 | 14 | Defend |
It is very important that the Dance Club implements several key countermeasures. Within the organisation only a single member of staff should be authorised to access all the data policies. The manager is authorised to access all confidential member data, and the event organiser is authorised only to post event details on the web portal. To prevent data loss, the web portal must be secured so that an attacker cannot steal employee data and misuse it. The club must use up-to-date technology. When an employee leaves the club, management must revoke their access immediately. (2019)
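The access rules in the paragraph above, as an added example that is not part of the report. The report only states that the manager may access all confidential member data, that the event organiser may only post event details, and that a departing employee must be revoked immediately; the role names, permission strings and staff accounts below are assumptions made for this demo.

```python
# Added example (not from the report): a deny-by-default authorisation
# check for the club's portal that also handles offboarding. Role names,
# permission strings and the staff accounts are assumptions for the demo.
from dataclasses import dataclass, field

# Role -> permissions. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "manager": frozenset({"members:read_confidential", "policies:read"}),
    "organiser": frozenset({"events:publish"}),
}


@dataclass
class StaffAccount:
    username: str
    roles: set = field(default_factory=set)
    active: bool = True


class AccessControl:
    """Minimal RBAC store with an audit trail of every decision."""

    def __init__(self) -> None:
        self._accounts = {}
        self.audit_log = []

    def add_staff(self, username: str, *roles: str) -> None:
        unknown = set(roles) - set(ROLE_PERMISSIONS)
        if unknown:
            raise ValueError(f"unknown role(s): {sorted(unknown)}")
        self._accounts[username] = StaffAccount(username, set(roles))

    def revoke(self, username: str) -> None:
        """Offboarding: disable the account and strip every role at once."""
        acct = self._accounts.get(username)
        if acct is not None:
            acct.active = False
            acct.roles.clear()
            self.audit_log.append(f"REVOKE {username}")

    def is_allowed(self, username: str, permission: str) -> bool:
        """Deny unless the account exists, is active, and a role grants it."""
        acct = self._accounts.get(username)
        allowed = (
            acct is not None
            and acct.active
            and any(permission in ROLE_PERMISSIONS[r] for r in acct.roles)
        )
        self.audit_log.append(f"{'ALLOW' if allowed else 'DENY'} {username} {permission}")
        return allowed


def demo() -> dict:
    """Constructed staff list: one manager and one event organiser."""
    ac = AccessControl()
    ac.add_staff("manager1", "manager")
    ac.add_staff("organiser1", "organiser")
    results = {
        "manager_reads_members": ac.is_allowed("manager1", "members:read_confidential"),
        "organiser_publishes": ac.is_allowed("organiser1", "events:publish"),
        "organiser_reads_members": ac.is_allowed("organiser1", "members:read_confidential"),
        "stranger_publishes": ac.is_allowed("nobody", "events:publish"),
    }
    ac.revoke("organiser1")  # the organiser leaves the club
    results["organiser_publishes_after_revoke"] = ac.is_allowed("organiser1", "events:publish")
    return results


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {'allowed' if result else 'denied'}")
```

Revocation disables the account and clears its roles in one step, so a leaver cannot keep posting events, and every decision is written to the audit log so that misuse of a stale account would be visible.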
The aim of this report is to identify the options that will directly protect the confidentiality of members' information and their physical safety. The various risks have been discussed above, and the potential threats to each asset are listed in the table. The results of the information security analysis were used to develop the actions, together with recommendations for the physical devices to be installed inside the building and the dance room. The impact of each asset was discussed, and the risk rating of each asset and its countermeasures were explained. The report concludes with recommendations for the Dance Club to secure the integrity and confidentiality of registered members' personal information.