Documente Academic
Documente Profesional
Documente Cultură
Information Security in
a Risky World
Group 7
KRITEE SINHA
R.P. HARI HARA KARPAHA RAM
PRIYANKA BHAGAT
2014PGP171
2014PGP308
2014PGP273
2014PGP275
2014PGP404
2014PGP121
2014PGP242
Background
Jashopper.com
Small internet company which hosted an e-commerce
website
Revenue from retailers who paid to place a virtual store
on their website
Stored personal data like name, address, date of birth
and credit card details for carrying out transactions
Sales of 1 billion yen, 20 employees, retailer base of
400 shops, consumer base of 600,000
Might go public to gain funds to grow business
Triggers which caused Mamoru Sekine, CEO of Jashopper.com to look at Secoms security
proposal
Internal - Current IT & information security
assessment
Problem statement
External triggers
As the current security systems are not enough to meet the future needs, how should Mamoru Sekine go about choosing
which security product to use? What are your recommendations?
Alternative - 1
Advanced Housing service
Physical and cyber security
Minimizes threat of viruses and hackers
One rack which could support 8 IP address
which had an Initial cost - 300000 yen and
monthly fee of 300000 yen.
Secoms SDC had state of the art facility
for disaster recovery and security.
Pros
1. Secured hosting
2. IPS and IDS
3. High availability - 24*365
4. Improves Jashopper.coms
current hosting security level
5. No additional manpower needed
to monitor threat of viruses and
attacks and intrusion
6. Economic investment option
Cons
1. Internal information leakage still
feasible
2. Confidentiality level - low , information
leakage is still feasible.
3. Integrity - low level. As the website is
not encrypted, transactional data can be
modified while data transfer. Also
customers may feel insecure about the
website as there is no presence of a
"security logo watermark" on the e-
Alternative - 2
Identification and access control system
+ advanced housing service
Apart from the services of advanced housing the
following services would be added:
Would track data about employee accessing
systems and premises thereby enabling
monitoring of employee activity
Would limit unauthorized access to premises
and systems
ID ONE, TR2, Smart On total cost of 2520000
yen
Pros
All benefits of advanced housing along
with
1. Internal security is strengthened
2. Reduces chance of information
leakage by employees
3. Physically secure premise to prevent
intrusion
4. High confidentiality, integrity and
availability
Cons
Con's
1. Cost is higher
2. Lacks digital certification
Alternative - 3
Assess vulnerability of physical and cyber
security
Analysis of
Organization/system/policies
Physical security
Data access and control
Network security
Would clarify risk tolerance of the company
Evaluate priorities and cost of various security
measures
Identify weaknesses in the network, system,
physical environment which could lead to breach
Cost- 500,000 yen, time - 2 week
Pros
1. Proactive measure
2. Could identify weaknesses in
system
Cons
1. High cost
2. Not entirely necessary
3. Audit result would result in further
investment in security system as systems
cannot be completely up to mark
Points to ponder
The employees
were not well
Their website
The e-Document
70%-80% of
trained about
wasnt secured
Law stipulated
information leak
cyber security and
thereby making it that government
incidents were
information
more vulnerable
required
caused by insiders
security was not a
to attacks. Thus
documents could
hence
priority for them.
digital encryption/
be stored
Identification and
They learnt about
SSL Certification
electronically,
Access control
it from IT
would be a must thereby increasing
Systems will be
magazines,
to protect data
the need for
required
colleagues and
and privacy
protection
security product
vendors.
Recommendation
Based on the evaluation of the alternatives,
the following products from Secom TS are
recommended for Jashopper.com
Key security
parameters
Integrity
Availabilit
y
Confidenti
ality
Thus option 2 along with digital certification is the best product to resolve
Jashopper.Com's security dilemmas
Secom
Thank You!