Question

In: Operations Management

On the 26th July 2019, National Australia Bank (NAB) which is the 4th largest bank in...

On the 26th July 2019, National Australia Bank (NAB) which is the 4th largest bank in Australia, contacted approximately 13,000 customers to advise that some personal information provided when their account was set up was uploaded, without authorisation, to the servers of two data service companies. NAB’s security teams have contacted the companies, who advise that all information provided to them is deleted within two hours. NAB Chief Data Officer, Glenda Crisp, said the compromised data included customer name, date of birth, contact details and in some cases, a government-issued identification number, such as a driver’s licence number. “We take the privacy and the protection of customer information extremely seriously and I sincerely apologise to affected customers. We take full responsibility,” she said. “The issue was human error and in breach of NAB’s data security policies.” Ms Crisp said it was not a cyber-security issue. No NAB log-in details or passwords have been compromised – and NAB’s systems remain secure. Page | 3 Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College 55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111 PRV12007; CRICOS 03048D Approved: 13/02/2019, Version 1 “Our number one priority is to support our customers. We are moving quickly to proactively contact every person affected.” NAB called, emailed or written to each impacted customer individually. A dedicated, specialist support team was in place, available to them 24/7. If government identification documents need to be reissued, NAB would cover the cost. NAB would also cover the cost of independent, enhanced fraud detection identification services for affected customers. Importantly there is no evidence to indicate that any of the information has been copied or further disclosed. NAB is advising impacted customers that they do not need to take any action with their account. “We have reviewed these customers’ accounts, over and above our rigorous normal checks, and have not identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts,” Ms Crisp said. NAB also notified and was working with industry regulators, including the Office of the Australian Information Commissioner. Ms Crisp said: “We take full responsibility. We can assure you that we understand how this happened and we are making changes to ensure this does not happen again.” On further development, NAB CEO admitted that it is difficult to invest huge amount of money in information security compared to the industry leaders like Microsoft, Google, Amazon. His opinion was to leverage on the infrastructure created by these companies i.e. through cloud computing

1.Overview of the addressed problem

2.Describe common security issues that an auditor needs to investigate

3.Describe NAB’s response to the data breach.

4.Propose information security measures NAB should adopt.

5.Describe the role of cloud computing in information security.

Solutions

Expert Solution

Here main issue is the data has been deleted from the data base of the the 4th largest bank of Australia.
Without the Authorisation of the data server they are now uploading this data after asking around 13k customers about the lost data information.
Main questions of concern:
1. What is the guarantee that only this data has been deleted ?
2. Where there no backs of the data ?
3. What if the the some people who have accessed the database, do it again and delete the data ?
4. What if someone already has access to data base from a long time they have been stealing this data and this was mere mistake from stealers side
5. What if their user id and passwords are hacked ?
6.Why didn't the bank took Security check up?
7. Did the company set an external Auditor and investigating committee to solve the issue and reach to conclusion how did this happen

1. Check if it a software glitch, manual error or Theft. If you hide the information from your clients you would be in much bigger problem like legal issues.
2. Check all the vulnerabilities in the data base
3. Why to start setting up cloud services and keep at least 2-3 servers where back data is stored
4. Involve business unit managers early.
5. Make sure auditors rely on experience, not just checklists.
6. Insist that the auditor's report reflects your organization's risks.
7. Black Box Audits
8. Surprice Inspections
9. take Auditors Hackathon by internal Coders and Software Engineers
10. The risk of service interruption, such as a DoS attack.

NABs response was slightly positive but not corrective action has been ensured by them. No announcement of investigation committee. They said they know the reason, once they said this was a human error, then what action are they taking on the person nothing was disclosed

Cloud computing and storage provides users with capabilities to store and process their data in third-party data centers. Organizations use the cloud in a variety of different service models (with acronyms such as SaaS, PaaS, and IaaS) and deployment models (private, public, hybrid, and community). It is generally recommended that information security controls be selected and implemented according and in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts. Cloud security concerns can be grouped in various ways; Gartner named seven while the Cloud Security Alliance identified twelve areas of concern. Cloud access security brokers (CASBs) are software that sits between cloud users and cloud applications to provide visibility into cloud application usage, data protection and governance to monitor all activity and enforce security policies.

The polices of cloud are prone to securities threat as well

In order to conserve resources, cut costs, and maintain efficiency, cloud service providers often store more than one customer's data on the same server. As a result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation.[2]

The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service. Virtualization alters the relationship between the OS and underlying hardware – be it computing, storage or even networking. This introduces an additional layer – virtualization – that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist. For example, a breach in the administrator workstation with the management software of the virtualization software can cause the whole datacenter to go down or be reconfigured to an attacker's liking.


Related Solutions

Assume that the audit for National Australia Bank Limited (NAB), a financial institution, will be coming...
Assume that the audit for National Australia Bank Limited (NAB), a financial institution, will be coming up for tender. You and your colleagues are required to prepare a client evaluation report based on your research for the senior members of your auditing firm. Your report should provide preliminary information as to whether the auditing firm should consider tendering for the audit of NAB. You should conduct extensive research and perform an analysis of the annual report of National Australia Bank...
On 27 April 2020, National Australia Bank (NAB) announced a dividend cut and a plan to...
On 27 April 2020, National Australia Bank (NAB) announced a dividend cut and a plan to raise $3.5 billion of new capital. Explain the reasons behind NAB's action. How did the market react to this news? (approximately 200 words)
1.The Balance Sheet page for suncorp bank(australia)for 2019 2.The Income Statement Page for suncorp bank(australia)for 2019...
1.The Balance Sheet page for suncorp bank(australia)for 2019 2.The Income Statement Page for suncorp bank(australia)for 2019 3.The Auditors Report which is one or tow pages for suncorp bank for 2019 4.In addition,the page which mention the OFF-BALANCE SHEET ITEM. for suncorp bank for 2019
GENERAL JOURNAL HAVE 14 ENTRIES The investment manager of 4th National Bank invests some of the...
GENERAL JOURNAL HAVE 14 ENTRIES The investment manager of 4th National Bank invests some of the bank’s financial resources in trading securities. During the last quarter of 2018, the following transactions occurred in regard to these trading securities: Nov. 5 Purchased 200 shares of Morgan Company common stock at $86 per share. 19 Purchased 300 shares of Parker Company preferred stock at $63 per share. 29 Sold 100 shares of Morgan Company common stock at $89 per share. Dec. 15...
On 22 February 2019 Philip Lowe, the Governor of the Reserve Bank of Australia, told the...
On 22 February 2019 Philip Lowe, the Governor of the Reserve Bank of Australia, told the house economics committee: "I think this country can have an unemployment rate close to 4.5 per cent [as opposed to the commonly assumed 5, or 5.5 per cent] without wage growth causing problems for inflation." Shortly after, journalist A suggested this is good news for the government. In contrast, two days later, another journalist, journalist B, argued the opposite, that this is bad news...
On 22 February 2019 Philip Lowe, the Governor of the Reserve Bank of Australia, told the...
On 22 February 2019 Philip Lowe, the Governor of the Reserve Bank of Australia, told the house economics committee: “I think this country can have an unemployment rate close to 41 per cent 2 [as opposed to the commonly assumed 5, or 51 per cent] without wage 2 growth causing problems for inflation.” Shortly after, journalist A suggested this is good news for the government. In contrast, two days later, another journalist, journalist B, argued the opposite, that this is...
The 2019 list of the 15 largest banks in the world by assets: Asset Rank Bank...
The 2019 list of the 15 largest banks in the world by assets: Asset Rank Bank (Group) (NYSE Index) Country Total Assets, US $B Balance Sheet 1 Industrial & Commercial Bank of China (ICBC) China 3,912.56 6/30/2019 2 China Construction Bank Corp. (CICHY) China 3,382.42 6/30/2019 3 Agricultural Bank of China (ACGBY) China 3,293.10 6/30/2019 4 Bank of China China 3,241.97 6/30/2019 5 Mitsubishi UFJ Financial Group (MUFG) Japan 2,846.07 6/30/2019 6 JP Morgan Chase & Co (JPM) USA 2,727.38...
On August 1, 2019, the accountant for Western Imports downloaded the company's July 31, 2019, bank...
On August 1, 2019, the accountant for Western Imports downloaded the company's July 31, 2019, bank statement from the bank's Website. The balance shown on the bank statement was $28,860. The July 31, 2019, balance in the Cash account in the general ledger was $13,202. Jenny Irvine, the accountant for Western Imports, noted the following differences between the bank's records and the company's Cash account in the general ledger: An electronic funds transfer for $15,400 from Foncier Ricard, a customer...
On August 1, 2019, the accountant for Western Imports downloaded the company's July 31, 2019, bank...
On August 1, 2019, the accountant for Western Imports downloaded the company's July 31, 2019, bank statement from the bank's Website. The balance shown on the bank statement was $28,670. The July 31, 2019, balance in the Cash account in the general ledger was $14,821. Jenny Irvine, the accountant for Western Imports, noted the following differences between the bank's records and the company's Cash account in the general ledger: An electronic funds transfer for $13,500 from Foncier Ricard, a customer...
On August 1, 2019, the accountant for Western Imports downloaded the company’s July 31, 2019, bank...
On August 1, 2019, the accountant for Western Imports downloaded the company’s July 31, 2019, bank statement from the bank’s website. The balance shown on the bank statement was $28,760. The July 31, 2019, balance in the Cash account in the general ledger was $14,042. Jenny Irvine, the accountant for Western Imports, noted the following differences between the bank’s records and the company’s Cash account in the general ledger: An electronic funds transfer for $14,600 from Foncier Ricard, a customer...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT