
School of Science, Information Technology and Engineering

Student ID: 30127161


Student Name: Gurlal Singh

Course Code: ITECH_7215 Course Name: Information Security

Date Submitted: 11 August, 2015 Lecturer’s Name: Ms. Yuwei Jia

Tutor’s Name: Mr. Danish Faraz Abbasi

ASSIGNMENT TITLE: Risk Assessment

Feedback/Assessment:

LECTURER’S SIGNATURE: DATE

PLAGIARISM

Declaration
Except where appropriately acknowledged, this assignment is my own work, has been
expressed in my own words and has not previously been submitted for assessment. I have
also retained a copy of this assessment piece for my own records.

Signature: Gurlal singh


MAJOR ASSIGNMENT
ITECH_7215

Risk Assessment.

Contents
ASSIGNMENT TITLE: Risk Assessment
1. INTRODUCTION
2. Threat
Malware
3. MITIGATION STRATEGIES
5. SITUATIONAL CRIME PREVENTION
6. Law against Hacktivism
7. INTERNATIONAL SCOPE OF HACKTIVISM
8. CONCLUSION
REFERENCES

1. Acknowledgement

I am highly indebted, especially to my lecturer Miss Yuwei Jia and tutor Mr Danish
Faraz Abbasi, for their guidance and support regarding this assignment. I am
really thankful to all of them for their support in the completion of this task.
Again, I would like to thank the teachers and my friends for their guidance and for
their efforts.

INTRODUCTION

Over the last few decades, progress in computer-related technology has played
a critical role in the development of business, whether government business
or private business. Everything in this world has some positive and negative
effects, so the computer also has positive and negative effects for business.
Computers have affected the privacy and security of businesses as well as of
individuals and groups. Hackers can steal the sensitive information of
individuals and businesses for their personal use, which is harmful for those
individuals and businesses. Security threats such as DoS (Denial of Service),
web application attacks and spam emails are increasing day by day.

A huge volume of spam emails is targeting Australians regarding infringement
notices. These emails claim to be issued by the State Government of Victoria
regarding fines or penalties. This type of email contains a link, and it infects
the computer with malware. The emails claim that you were caught speeding and
that, to see the invoice, you just click on the link below. When someone clicks
on the link, malware infects the computer. Recent examples of this type of email
are Australia Post and Energy Australia. Cryptography is the form of malicious
malware which is targeting Australians recently.

Threat

These days there are several types of threats which affect the privacy and security of
individuals and businesses; they damage the goodwill of the firm and also affect its
financial position. Most attacks these days are performed by hacktivists for their
private purposes or to harm businesses or individuals.

Malware

Malware is a virus that harms computers. It is malicious software specially
designed by hackers to damage computers and to gain authorized access to
different computers without the consent of the owner. Hackers especially attack
government and public websites. The main aim of malware attacks is to shut down
systems and also to steal the sensitive information of users with their consent.
Malware attacks are increasing day by day. Malware harms the organization
financially and also in terms of information. Spyware, viruses, worms and key
loggers are different types of viruses which are present these days (Pc tools,
2015). In site redirects, or pharming, hackers send emails containing links to
individuals; when the receiver opens the email and clicks on a link, he/she is
redirected to the hacker's website, which collects the receiver's personal
information such as contact name, bank name, account number, credit card number
etc. The given diagram shows the percentage of malware in different forms
(Makrushin, 2014).

Figure 6. Malware practices (n.d)

Web source; http://securelist.com/files/2014/07/Q2-2014-MW_Report_17_en.jpg

Systems it attacks
It attacks different types of computers and laptops. When a person receives
this type of spam email, opens it and clicks the link, the computer or laptop
is automatically harmed.

MITIGATION STRATEGIES

Data security and privacy are very important factors for every individual
and business, so it is the responsibility of the IT department to provide
high data security and privacy for firms. To protect the organization from
attacks, an enterprise has to work on better data stability risk management,
which could help a firm protect its sensitive information from hackers.
The following measures define how an organization can protect its privacy
and security.

For site defacement:

1. An anti-defacement service can help any organization achieve better webpage stability.
An anti-defacement service operates 24*7 to detect any kind of threat and vulnerability.
2. The most useful method is to apply a checksum comparison which uses a hash
protocol to recognize changes in the website text formatted as an HTML page. It
also protects the organization from hackers.
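
An added example (not part of the original assignment) of the checksum comparison described in point 2: hash every HTML page, keep the hashes as a baseline, and re-hash later to find pages that changed, appeared or disappeared. The function names, the choice of SHA-256 and the sample pages are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(web_root: Path) -> dict[str, str]:
    """Map each HTML file (path relative to web_root) to the SHA-256 of its bytes."""
    return {
        p.relative_to(web_root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(web_root.rglob("*.html"))
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report pages whose content changed, appeared, or disappeared since the baseline."""
    modified = [
        path for path in baseline.keys() & current.keys()
        if baseline[path] != current[path]
    ]
    return {
        "modified": sorted(modified),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample site: take a baseline, alter the pages, then re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Welcome</h1>")
        (root / "contact.html").write_text("<p>Call us</p>")
        # In practice the baseline is stored away from the web server, so that
        # whoever alters a page cannot also alter the recorded hashes.
        baseline = snapshot(root)

        (root / "index.html").write_text("<h1>Changed by someone else</h1>")
        (root / "contact.html").unlink()
        (root / "new.html").write_text("<p>unexpected page</p>")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, pages in demo().items():
        print(kind, pages)
```

A legitimate content update has to refresh the baseline, otherwise every later check reports the updated page as modified.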

For Denial of Service attacks:

1. To protect the organization from DoS attacks, firewalls have to be used to protect
sensitive data and information.

2. Deploying technology against Denial of Service attacks also detects the attack.

3. The implementation of breach deterrence techniques is also very helpful for finding out
about a violation when an attack is going to be performed.

For Malware attacks:

1. Installing antivirus and keeping it updated on the computers can help against malware.
2. The use of TOR could be employed with an antivirus solution, and network filtering
is also very helpful in reducing malware diffusion.
3. Regularly updating and organizing the Windows executive accounts could stop malware
attacks, since it gives the hard consent.
4. The operating system must be regularly updated.

SITUATIONAL CRIME PREVENTION

Situational Crime Prevention (SCP) is a rising, new criminology theory that deals with
environmental or situational factors which influence the behavior of hackers, whether
employees or outside hackers (Beebe, Rao, 2005). The main aim of SCP is to detect crime
and also to help reduce the level of crime. The following are some factors of
Situational Crime Prevention.

• Increase apparent efforts:

In this phase the data warehouse and website could be protected from attackers by
firewalls and vulnerability patches. Access to particular services on the website must
be controlled by ID and digital certificates.

• Increase apparent risk:

By implementing an Intrusion Detection System, an organization can reduce
or prevent attacks from inside or outside attackers.

• Decrease expected rewards:

Implementing DMZs for the mail, proxy and web servers of any firm could reduce
the chance of attacks.

• Remove excuses:

Staffing experts and skilled employees within the organization against
crime, and establishing a code of ethics within the firm, could also
be helpful to detect and decrease situational crime.

Law against Hacktivism

No one can deny the effect of hacktivism on organizations in the form of
financial and information loss. To create a safe environment, some laws have
been made and implemented to protect organizations from hacktivism.

Electronic Communication Privacy Act: According to the Electronic Communication
Privacy Act, the access and storage of data and information of any organization
without the particular access permission is illegal. So the Electronic
Communication Privacy Act provides some safety to the organization from attacks.

Australian Law:

Australian law also provides a safeguard against attacks. According to the
Australian law of the Commonwealth against cybercrime, if an individual or
group steals information or data, or commits fraud involving particular
information and data, it is a serious offence with the consent of the organization.

Computer Fraud and Abuse Act:

The Computer Fraud and Abuse Act is used against a person or group of persons
who prepare specific software or a program which is very harmful or dangerous
for computers. The Computer Fraud and Abuse Act deals with the privacy and
security of the organization and the user.

INTERNATIONAL SCOPE OF HACKTIVISM

The scope of hacktivism at the international level is almost half that of the other risks
and threats. In the present era, there is no country which is not affected or influenced
by hacktivism. According to the following diagram, statistics show the percentages of
cyber crime, hacktivism, cyber espionage, cyber war and N/A.

Figure 7. Statistics showing the percentage of cyberattacks (n.d)

Web source; https://paulsparrows.files.wordpress.com/2014/12/november-2014-motivations1.png

A case study: In the year 2012, a group of people, to show their anger against the world
power US, designed a specific DDoS to attack US banks. This group called itself Cyber
Fighters of Izz Ad-Din Al Qassam. They broke a lot of banks and other financial
institutions. They also claimed that they are not from one particular country but from
several countries (Schwartz, 2012).

CONCLUSION

From the above we can conclude that with the passing of time the threat of
hacktivism is increasing day by day. Governments, individuals and organizations are always
victims of hacktivism. Different types of threats and their impact at the
international level are discussed in this report. Hackers mainly attack government agencies
such as banks and defence, and they also target public organizations to steal sensitive
information.

REFERENCES

Schwartz M.J. (Dec, 2012); 9 ways hacktivists shocked the world in 2012; online article,
Retrieved on June 3, 2015 from
http://www.darkreading.com/attacks-and-breaches/9-ways-hacktivists-shocked-the-world-in-2012/d/d-id/1107923?page_number=2

Beebe N.L., Rao V.S. (Dec, 2005); Using situational crime prevention theory to explain the
effectiveness of information systems security, theory of situational crime prevention. The
University of Texas, San Antonio, p-p 10

Rathod F. (Feb, 2012); Understanding of DoS attack; online blog, Retrieved on June 3, 2015
from http://falgunrathod.blogspot.com.au/2012/02/understanding-ddos-attack.html

Pctools (2015); What is malware and how can be prevent it?; online journal, Retrieved on
June 1, 2015 from http://www.pctools.com/security-news/what-is-malware/

Makrushin D. (Aug, 2014); IT threat evolution Q2 2014; online article, Retrieved on June 1,
2015 from https://securelist.com/analysis/quarterly-malware-reports/65340/it-threat-evolution-q2-2014/

https://www.microsoft.com/security/portal/mmpc/shared/prevention.aspx
