SEC571 Final Project Deliverable on Netflix

School

DeVry University, Keller Graduate School of Management

Course

571

Subject

Information Systems

Date

Dec 6, 2023

Type

pptx

Pages

37

Uploaded by aliciamlabonte31

SEC571 Final Project: Netflix
Alicia LaBonte
September 2023
10/18/2023
Introduction
Maintaining information security requires robust and efficient measures. One approach is a Skills, Education, Training, and Abilities (SETA) tool. This presentation examines several vulnerabilities, then proposes administrative and technical controls to address them. It also presents a strategy for implementing the proposed control, together with a cost-benefit analysis.
Executive Summary
Information security must be maintained through strong and effective measures, and a SETA tool is one way to do this. This presentation discusses a number of weaknesses and suggests administrative and technical controls to address them. It also outlines a plan for putting the suggested control in place and a cost-benefit analysis of it.
Organization Profile and Problem Statement
Netflix Organization
Netflix, created by Reed Hastings and Marc Randolph in Scotts Valley, California, is a subscription-based streaming service. Customers can watch TV series and movies commercial-free on any internet-connected device. Founded on August 29, 1997, Netflix began by renting and selling DVDs by mail; after a year it focused on rentals instead of sales. On May 29, 2002, it went public at $15 per share. The share price is $445 today. TV series and movies may now be downloaded to iOS, Android, and Windows 10 devices for offline viewing.
Products & Services
• Movies
• Television shows
• Original series
• Documentaries
• Feature films
• Electronic games
• Hidden genre category list system
• Smart download feature
• DVD by mail service
• Next Games
Products & Services Cont.
• Streaming media
• Video on demand
• Film production
• Film distribution
• Television production
SECURITY VULNERABILITIES
CWE-89 SQL INJECTION
Injecting malicious SQL into an application's queries to gain unauthorized access to information such as confidential company data, user lists, or private customer records. When SQL syntax in user-controllable input is not properly removed or quoted, the altered query logic can bypass security checks or append extra statements that modify the back-end database, possibly including execution of system commands.
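The CWE-89 slide says the problem is SQL syntax in user input that is never quoted or removed. The following example, added here and not part of the original presentation, shows the defect beside the fix using Python's built-in sqlite3 module: an in-memory customers table (constructed sample data, not Netflix data) is queried once with string concatenation and once with a parameterised query. With a tautology in the input, the concatenated query returns every row, while the parameterised query treats the same input as a plain string and returns nothing.

```python
import sqlite3

# Constructed sample data standing in for the "private customer information"
# the slide refers to (assumption: a small customers table).
SAMPLE_ROWS = [
    (1, "alice@example.com", "premium"),
    (2, "bob@example.com", "basic"),
    (3, "carol@example.com", "standard"),
]


def build_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, plan TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email):
    """CWE-89: user input is spliced into the SQL text, so any SQL syntax
    in the input becomes part of the query's logic."""
    query = f"SELECT id, email FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, email):
    """Parameterised query: the value travels separately from the SQL text,
    so the input can only ever be compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT id, email FROM customers WHERE email = ?", (email,)
    ).fetchall()


def demo():
    """Run both lookups with a normal value and with a tautology input and
    return how many rows each variant leaks."""
    conn = build_db()
    normal = "bob@example.com"
    # The classic tautology: closes the quoted literal and ORs in a true
    # condition, which is exactly the "changed query logic" CWE-89 describes.
    hostile = "' OR '1'='1"
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_hostile": len(lookup_safe(conn, hostile)),
    }


if __name__ == "__main__":
    print(demo())
```

The fix is not input filtering but separating code from data: the driver binds the parameter after the statement has been parsed. That is the control to look for in code review, alongside a least-privilege database account so that even a successful injection cannot reach the system-command facilities the slide warns about.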
CWE-79 CROSS-SITE SCRIPTING
Failure to properly neutralize user-controlled input before it is placed into output that is served to other users as a web page. In many cases the attack begins before the target even realizes what is happening. Even when users are careful, attackers often use methods such as URL encoding or Unicode to disguise the malicious part of the request so that it does not look unusual (CWE Team, 2022). Once the attacker has inserted the malicious script, they can do a number of harmful things, such as:
• Send confidential information to the attacker
• Send fraudulent requests to a website on the victim's behalf
• Use phishing tactics to make pages look like sites that people trust
• Exploit a weakness in the web browser and take over the victim's computer; this is called "drive-by hacking."
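The CWE-79 slide describes the failure as "improper neutralization" of input placed into a page. The example below, added here and not taken from the presentation, renders a constructed user comment two ways in Python: once by string formatting (the defect) and once through html.escape (the neutralization). The sample name and comment are invented test strings; the check function only exists to make the difference visible and is not a real XSS scanner.

```python
import html

# Constructed sample input (not real user data): a display name that tries to
# break out of an attribute, and a comment carrying a script tag.
SAMPLE_NAME = 'Mallory" onmouseover="alert(1)'
SAMPLE_COMMENT = "<script>alert('xss')</script> Great show!"


def render_vulnerable(name, comment):
    """CWE-79: input is dropped straight into HTML, so markup in the input
    becomes part of the page's own structure (attribute and element context)."""
    return f'<div class="comment" data-author="{name}"><p>{comment}</p></div>'


def render_safe(name, comment):
    """Neutralize by escaping: & < > " ' become entities, so the input is
    displayed as text. quote=True matters for the attribute context."""
    safe_name = html.escape(name, quote=True)
    safe_comment = html.escape(comment, quote=True)
    return (f'<div class="comment" data-author="{safe_name}">'
            f'<p>{safe_comment}</p></div>')


def contains_active_markup(rendered):
    """Crude visibility check: is a script element or an injected
    event-handler attribute still present in the rendered output?"""
    lowered = rendered.lower()
    return "<script" in lowered or ' onmouseover="' in lowered


def demo():
    """Render the constructed input both ways and report whether the
    hostile markup survived."""
    vulnerable = render_vulnerable(SAMPLE_NAME, SAMPLE_COMMENT)
    safe = render_safe(SAMPLE_NAME, SAMPLE_COMMENT)
    return {
        "vulnerable_has_active_markup": contains_active_markup(vulnerable),
        "safe_has_active_markup": contains_active_markup(safe),
        "safe_html": safe,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Escaping must match the output context: html.escape is correct for element bodies and quoted attributes, but data placed into a script block, a URL or a CSS value needs that context's own encoder, and decoding layers such as the URL encoding the slide mentions must be resolved before the escape step, not after.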
THREAT ANALYSIS
Phishing Attacks
Cybercriminals attempt to obtain private information such as usernames, passwords, and credit card numbers by impersonating a trusted source or person in digital communications. This threat comes from both inside and outside the organization, and phishing attacks can target both staff and customers. The Guardian reported in 2020 that at the height of the coronavirus pandemic, when more people were using streaming services, about 700 fake websites imitating Disney+, Netflix, and Hulu were created to trick unsuspecting users. These fake websites offer free services to get people to sign up, then steal their personal information and money (Sweney, 2020).
Brute Force Attack
A hacking method that uses trial and error against a particular login page. The attack is usually carried out by bots that attempt to log in to an account repeatedly until they succeed. The attacker tests passwords and passphrases one after another until the right one is found. The technique works by enumerating the possible combinations of characters or words that could form a password and checking each one. The time and computing power the attack requires grow as the length and complexity of the password increase.
Problem Statement
Verizon's 2022 Data Breach Investigations Report found that the human element was involved in 82% of data breaches. This figure covers social attacks, errors, and misuse. Phishing attacks are more likely to succeed because they target basic human responses, such as the urge to open correspondence, especially when it arrives in a work inbox or appears to come from a legitimate source or a coworker (2022 Data Breach Investigations Report, 2022). Once users provide the requested information, attackers can obtain their PII or SPI. This can harm the company and cause "personal" issues such as identity theft, fraud, and scams. Therefore, all companies should put strong and effective cyber prevention measures in place.
Credential Stuffing Attack
Use of stolen account credentials to gain access to a server or account. Most of the stolen information consists of saved credentials taken from breached databases. This kind of attack most often occurs when very popular streaming content is released. That is when people share passwords the most, which makes it an ideal time for attackers to strike.
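The brute force and credential stuffing slides describe two login-abuse patterns that leave different footprints in an authentication log: many failures against one account from one source, versus one source touching many distinct accounts with only one or two attempts each. The detector below, added here and not part of the original presentation, runs over constructed sample log lines (the line format, the IP addresses from the documentation ranges, the account names and both thresholds are all assumptions) and flags each pattern, plus any successful login from a source already flagged for stuffing, which is the hit a responder most wants to see.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not real Netflix telemetry):
# 203.0.113.5 hammers one account, 198.51.100.9 tries one guess against
# many accounts and gets one hit, 192.0.2.77 is an ordinary user.
SAMPLE_LOG = """\
2023-10-18T10:00:01Z LOGIN_FAILED user=alice ip=203.0.113.5
2023-10-18T10:00:02Z LOGIN_FAILED user=alice ip=203.0.113.5
2023-10-18T10:00:03Z LOGIN_FAILED user=alice ip=203.0.113.5
2023-10-18T10:00:04Z LOGIN_FAILED user=alice ip=203.0.113.5
2023-10-18T10:00:05Z LOGIN_FAILED user=alice ip=203.0.113.5
2023-10-18T10:00:06Z LOGIN_FAILED user=alice ip=203.0.113.5
2023-10-18T10:00:07Z LOGIN_FAILED user=bob ip=198.51.100.9
2023-10-18T10:00:07Z LOGIN_FAILED user=carol ip=198.51.100.9
2023-10-18T10:00:08Z LOGIN_FAILED user=dave ip=198.51.100.9
2023-10-18T10:00:08Z LOGIN_OK user=erin ip=198.51.100.9
2023-10-18T10:00:09Z LOGIN_FAILED user=frank ip=198.51.100.9
2023-10-18T10:00:10Z LOGIN_FAILED user=grace ip=198.51.100.9
2023-10-18T10:00:11Z LOGIN_FAILED user=heidi ip=192.0.2.77
2023-10-18T10:00:12Z LOGIN_OK user=heidi ip=192.0.2.77
"""

# Assumed log line format: "<timestamp> <event> user=<name> ip=<address>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_OK|LOGIN_FAILED) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Assumed policy thresholds; a real deployment tunes these per application.
BRUTE_FORCE_THRESHOLD = 5   # failed attempts on one account from one IP
STUFFING_THRESHOLD = 4      # distinct accounts attempted from one IP


def parse(log_text):
    """Turn raw log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def detect(events):
    """Flag brute-force (ip, user) pairs, credential-stuffing source IPs, and
    successful logins originating from a flagged stuffing source."""
    failures = defaultdict(int)      # (ip, user) -> failed attempts
    users_by_ip = defaultdict(set)   # ip -> accounts attempted (success or not)
    for e in events:
        users_by_ip[e["ip"]].add(e["user"])
        if e["event"] == "LOGIN_FAILED":
            failures[(e["ip"], e["user"])] += 1

    brute_force = sorted(
        key for key, count in failures.items() if count >= BRUTE_FORCE_THRESHOLD
    )
    stuffing = sorted(
        ip for ip, users in users_by_ip.items() if len(users) >= STUFFING_THRESHOLD
    )
    # A LOGIN_OK from a stuffing source is a probable account takeover.
    successes_from_flagged = sorted(
        (e["ip"], e["user"]) for e in events
        if e["event"] == "LOGIN_OK" and e["ip"] in stuffing
    )
    return {
        "brute_force": brute_force,
        "credential_stuffing": stuffing,
        "successes_from_flagged": successes_from_flagged,
    }


def analyse(log_text):
    """Convenience wrapper: parse then detect."""
    return detect(parse(log_text))


if __name__ == "__main__":
    for name, hits in analyse(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

The stuffing check deliberately counts successful logins as well as failures, because a stuffing source spends very few attempts per account and the success is the event that matters. This batch version ignores time; a production detector would apply the same two counters over a sliding window and feed the results into rate limiting or step-up authentication rather than a hard lockout, which would let an attacker lock legitimate users out.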
Security Control Selection
ADMINISTRATIVE CONTROLS
ADMIN. CONTROL OPTION #1 - NEW HIRE POLICY ACKNOWLEDGMENT
Qualitative Analysis
• Cost effective
• Effective way to teach employees about information security rules and the consequences of not following them
• Limits a company's legal responsibility for breaches that happen when employees don't follow Information Security Policies
ADMIN. CONTROL OPTION #2 - SETA PROGRAM
Qualitative Analysis
• Using a Security Education, Training, and Awareness (SETA) Program is a very cost-efficient way to improve security
• Implementing a program could be hard
• Information security policies, procedures, and best practices should be taught to workers over time
TECHNICAL CONTROLS
TECHNICAL CONTROL OPTION #1 - FIREWALL
Qualitative Analysis
• Costly to deploy and maintain
• Effective defense against remote hacking and Trojan Horses
• Monitors network traffic
• Maintains privacy of sensitive information
• Firewall security benefits outweigh deployment and maintenance costs, making it a must-have
TECHNICAL CONTROL OPTION #2 - ANTIVIRUS/ANTIMALWARE SOFTWARE
Qualitative Analysis
• Cost-effective defense
• Provides protection from spam, spyware, and viruses
• Provides web protection and firewall support
• Offers free and paid software options
  o Free software is not recommended for large businesses
  o Provides limited basic protection
  o No performance guarantee
PHYSICAL CONTROLS
PHYSICAL CONTROL OPTION - CCTV SURVEILLANCE
Qualitative Analysis
• Expensive for high-definition cameras and storage capacity
• Effective deterrence and aids in prosecution
• Insurance premium discounts possible
• A power failure might cause cameras to go offline, resulting in lost footage
SOLUTION SELECTION
Why SETA?
• Low-cost implementation and maintenance
• First line of protection for firm information assets is incident prevention, which is often the weakest link
• Ensures state, federal, and local compliance
• Protects from phishing assaults
• Medium-to-high employee behavior influence
  o Employee empowerment
  o Encourages information security culture
Netflix Risk Matrix Chart
Implementation Plan
Implementation Flow Diagram
Cost-Benefit Analysis (CBA) for Netflix
• Single loss expectancy (SLE): $4,000,000
• Annualized rate of occurrence (ARO): 90%
• Annualized loss expectancy before control: ALE pre-control = $4,000,000 x 0.9 = $3,600,000
• Annualized loss expectancy after control: $0
• Annual cost of safeguard (SETA Program): $5,000
• CBA = $3,600,000 - $0 - $5,000 = $3,595,000
Netflix Solution Validation
Each successful cyber attack can cost a company as much as $4,000,000. About 91% of attacks start with a "phishing" email. There is, however, a simple and inexpensive way to reduce this risk: a Security Education and Training Awareness (SETA) program. Information security is only as good as the weakest link in the chain, which is why all employees of a company need the right education and training.
Evaluation and Continuous Improvement
• Many things can go wrong with computer systems and compromise their security
• To protect the privacy of private information, it is very important for businesses to use effective management strategies
• The recommendation is to focus on the SETA program to help workers learn how important information security is and to stress the part that employees play in the process
• The reason for this is that workers are the weakest link in the chain
Decommission
• SETA stands for Systems Engineering and Technical Assistance
• The SETA Program can never be shut down or decommissioned
• Decommissioning is where the program is shut down completely and is no longer used by the company
Legal, Ethical and Cultural Considerations The SETA program will continue to operate in accordance with the ethical and legal rules and standards set out by state, federal, and local agencies. Netflix’s policies will be applied to the resolution of any legal or ethical concerns that may surface.
Incorporation of Feedback I received great feedback from other classmates and my professor. I appreciated what they all had to say. I did use some of the feedback and went back through my presentation and corrected and updated some of it. I did appreciate the feedback and thought it was useful and helped my presentation to be better overall.
Career Enhancement Completing this project helped me to better understand the importance of security throughout corporations. This class/project has given me the knowledge to know what to look for in being able to protect the corporation. One must look at the threats, securities, and the implementation plan to make sure you get the correct protection for your corporation.
Conclusion As evidenced throughout this presentation, a plethora of potential threats exist that pose risks to the security and reliability of information systems. Therefore, it is imperative for firms to adopt effective management practices to ensure the confidentiality of sensitive data. I propose prioritizing the focus on the SETA program as a means to enhance employees' understanding of the importance of information security and emphasize their involvement in the overall process. This phenomenon can be attributed to the fact that employees represent the most vulnerable aspect of the chain.
References
2022 Data Breach Investigations Report. (2022, July 18). Retrieved from Verizon.com: https://www.verizon.com/business/resources/reports/dbir/
CWE Team, N. N. (2022, June 28). 2022 CWE Top 25 Most Dangerous Software Weaknesses. Retrieved from Common Weakness Enumeration (CWE): https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
Netflix Inc (NFLX) stock price & news - Google Finance. (2023). Google. https://www.google.com/finance/quote/NFLX:NASDAQ
Netflix products & services. (2022). Learn, Code and get Hired. https://www.codercrunch.com/topic/1763218806/netflix-products-services
Silva, R. (2023, September 5). What is Netflix? What you need to know about this streaming service. Lifewire. https://www.lifewire.com/overview-of-the-netflix-streaming-service-1847831
Sweney, M. (2020, April 19). Hackers exploit coronavirus lockdown with fake Netflix and Disney+ pages. Retrieved from The Guardian: https://www.theguardian.com/media/2020/apr/