ISY3006 Information Security Assignment Sample

Table of Contents

Executive Summary

Introduction

The Company and Its Stakeholders

Strategic Security Policy

Threats and Vulnerabilities to The Company

Conclusion

References

Executive Summary

Cyber-security has been one of the most important segments of any industry. Since, the adoption of industry 4.0, many industries and organizations have been making use of different procedures and technologies to protect their digital devices such as computers, laptops, servers, networks and database systems against malicious attacks. The property management system has been a leading innovation in the real-estate industry helping individuals and property managers to make better decisions and facilitate better data sharing. But since this industry has to store large and different varieties of data, it becomes one the leading points of cyber-attacks. This report aimed at understanding the different vulnerabilities and threats faced by Australian Property Management, which has been regarded as one of the leading property management companies in Australia and the effects of these threats on the company and its stakeholders. The report also aimed at formulating a strategic security policy for the company to mitigate the chances and effects of cyber-attacks.

Introduction

Cyber threats and cyber-attacks have been a constant drawback for the digital age. Many sectors of the society have adopted internet-based services to carry out traditional tasks. But as organizations have been relying more on computers and other digital devices, these devices have also served as sources prone to cyber-attacks using different methods. According to Tounsi and Rais (2018), new generation cyber threats have been multi-vectored and often multi-segmented because these cyber threats rely on multiple means of attack such as through emails, websites, etc. These types of attacks make use of advanced methodologies such as polymorphic threats, composite threats and advanced persistent threats.

The property management industry has been prone to such attacks because of the vast data storage possessed by it and the different types of data. The industry has been making use of information management system to help clients search for properties, pay their rents, act as a communication channel between customers and agencies and to even carry out various other processes such as maintenance, security systems, etc. This report aims at understanding the many such cyber-threats faced by Australian Property Management which is a property management company based in Melbourne. The report also aims to understand the effects of these cyber-threats on the various stakeholders of the company and also form a strategic policy plan to curb these threats and also mitigate their effects.

The Company and its Stakeholders

Property management operations include various processes such as monitoring various property establishments for several days. According to Baharum, Hwa and Salleh (2016), this occupation includes people from different backgrounds to help fulfil the minimum requirements and the needs of each building or structure. Australian Property Management has been a leading management specialist who cater their customers by helping them sell, purchase and rent properties in the country (Real Estate, n.d.).

In a similar way as other organizations, the stakeholder group of the company include the following members:

1. Investors

2. Property Owners

3. Contractors

4. Government Authorities

5. Local Councils

a. Strategic Security Policy

Over the recent years, many organizations and industries have made use of software management tools to carry out daily processes. The computer information technology has been widely acknowledged and researched as a foundation for information management system software which has been accepted by many industries due to its efficiency, accuracy and its simplicity. Recent trends in information system-based property management systems have replaced traditional processes carried out by different sectors of the society.

According to Mu and Li (2019), the tasks performed by the property information management systems can be divided into two identities namely administrator and household. The administrator can perform various functions including browsing and the querying the various building information, adding and removing data and message handling. But as companies such as the Australian Property Management have been relying extensively on the use of software tools and technologies, they have been prone to many information security problems. Hence, it becomes important to formulate and document effective strategic security policies to help the organization and its stakeholders take effective steps for mitigating security attacks and its effects. Cyber security strategies can be formed for property management organizations by carrying out various functions to understand the key assets to be protected, detecting the threats to those assets and forming responsive and recovery procedures for those threats. Companies such as the Australian Property Management store a wide range of data ranging from personal information of customers, transaction related information, property related information, etc.

According to Constance Izuchukwu (2017), this helps in effective management of the corporate real estate work environment and facilitates procedures such as lease administration, space management and ensures accounting and audits in the company. According to Grundy (2017), the threats related to this information does not only include stealing of data but the risks related to them can be broadly classifies into 6 categories. The first risk includes the risk of overriding security protocols of the property. This can lead to theft of intellectual data of the real estate property. Another risk related to the information systems is ransomware. Real estate information management systems store large values of data making it an ideal point for ransomware attacks. Some cyber attackers cause such attacks for the purpose of disruptions in the property systems such as damaging the CCTC cameras and memory systems. Some cyber-attacks in the real estate industry are linked to the theft of staff information such as personal information and researching details about staff members. Such data can be easy to hack as many organizations depend on the use of wireless systems for data sharing and data storage. Hence, one way to safeguard the data against potential hackers is to make use of wired connections to setup the property management information system.

According to Grundy (2017), an effective way to setup wired connections in organizations such as Australian Property Management can be to utilize Power Over Ethernet (POE) which with the help of innovating standards and protocols can help establish a secure and effective management systems for the company. Another way to protect data against cyber-attackers can be to encrypt the data followed by physical security. The company should also focus on the formation of recovery and response plans for uncontrollable incidents. According to Marie-Noëlle Brisson, Doggendorf and Savoie (2019), recovery and response plans help organizations with the ability to restore normal processes and data when the normal operations are disrupted. These plans should include the importance of the plan, identify the stakeholders who might be affected in situations of a cyber-attack, communication strategies for passing information to the stakeholders, role establishment and communication plans for internal and external factors after the incident.

b. Threats and Vulnerabilities to the Company

Any industry depending on software systems in business planning and process management is prone to various cyber-threats which can be caused in different forms. The property management industry involves a wide range of data of buildings and structures ranging from small hotels or boutiques to larger systems such as commercial buildings and complexes. The company holds large amounts of data belonging to various sources and can be attacked using multiple cyber-attack trends. Recent innovations around the cyber-security developments are helping companies in the digital age to provide data integrity especially in the commercial real estate and property management sectors where data protection forms one of the most essential and key features. The property management systems or building management systems depend on facility managers and security guards with no or minimum background in IT or networking for its management.

As a result to this, these building management systems have led an increasing number of basic security failures in spite of the adoption of smart buildings and intelligent real-estate systems to help reduce energy wastage and adequate security. The cyber security and physical security systems are based on a core shared purpose which is to provide asset protection. But the key to this is to identify the full extent of the asset being protected as these assets provide a vector to the damaging and broader population of organizations. Data breaches have been one of leading trends in cyber-attacks and cyber-threats. Many organizations face the threat of data breaches as these could be caused due to internet and external factors both. Internal factors which could lead to a data breach include incidences of data being leaked accidently by the employees of the industry or to software issues in the databases of the organizations in the industry. External factors which could lead to data breaches include cyber-attackers and cyber-criminals who aim at releasing the organization’s data with the intent of causing harm to the organization’s reputation and customer trust. The past decade has been prone to unforeseen levels of data breaches.

According to Brown and Gardner (n.d.), the property management and real-estate sector includes property managers, brokers and agents, developers, appraisers, multiservice real estate companies and other individuals and agencies which hold huge amounts of third-party information which include confidential pieces of information including the personal information of clients and customers and confidential corporate information such as rental applications, credit reports, leases and rental agreements which collectively form the type of information targeted by cyber-criminals. Ransomware have been another leading attack method found in the real estate sector. These attacks are conducted to in order to achieve possession of data of an individual or an organization so as to demand a ransom to release that data. The Australian Property Management holds a wide range of confidential and personal data which makes its prone to such attacks. Most ransomware attacks in this sector are caused due to a phishing scam which could be through an unpatched computer. This leads to locking the users and the administrators out of the system. The attacker then encrypts the data and is no longer accessible to the organization. Real estate ransomware attacks can be carried out over different schemes.

The possible scenarios of a ransomware attack in the property management sector can be classified under three situations. The first situation being that the cyber criminals can gain access to the regional real estate organization and capture its data. This could lead to a stoppage in the transactions being carried out by the firm including the rental collection and property transactions affecting and damaging the balance sheets for days. The other possible scenario can be that attackers make use of ransomware viruses which infects a system and collects the data before damaging or locking the data. The third case can be the attack on IoT devices so as to gain access to greater facility networks. IoT devices in buildings and other real estate properties are used to sense various parameters and are usually connected through individual networks to the main network. Hence, if attackers can gain hold over these networks, they can attack the main network, leading to ransoming the entire building or property (James Moore, 2020). The property management industry has also been prone to phishing attacks.

According to Heidron and Whaley (2019), an approximate amount of 1 billion dollars was stolen from home buyers and property agencies in 2017. Attackers try to identify target organizations and research for IT and security infrastructure employed by it. Then cyber-criminals plan their attack which is usually conducted through emails making property requests or expressing interest in certain types of properties which contain links and other media which can lead customers and organizations into believing that the data is genuine and accessing it.

Conclusion

Cyber-threats have been a major drawback of internet-based systems. Multiple attack approaches have been employed by cyber-attackers to cause data damage and data thefts. The property management industry has been one of the leading sectors of the society. This industry has been making use of management systems to store user and company data for various purposes. Hence, the number of data breaches and other cyber-attacks have been increasing over the years including ransomware attacks and phishing attacks. But the industry has also been innovating its traditional means of data integrity and cyber-security. Some of the procedures followed in the property management system to safeguard its information management system include formation of better standards and protocols and making use of wired communication mediums to reduce the attacks in network systems.

References

Baharum, Z.A., Hwa, T.K. and Salleh, S.M. 2016. Competency Framework for the Property Management Industry. Environment-Behaviour Proceedings Journal, 1(4), pp.3-12.

Brown, M. and Gardner, R. n.d. Managing real estate cybersecurity. [Online]. Available at: https://www.ey.com/Publication/vwLUAssets/ey-managing-real-estate-cybersecurity/$File/ey-managing-real-estate-cybersecurity.pdf [Accessed on: 24 September, 2020].

Constance Izuchukwu, A. 2017. Management information system for real Estate and property management. International Journal of Computer Science and Mathematical Theory, 3(1).

Grundy, C. 2017. Cybersecurity in the built environment: Can your building be hacked? Corporate Real Estate Journal, 7(1), pp.39-50.

Heidorn, R. and Whaley, E. J. 2019. Why the real estate industry is a prime target for attackers. [Online]. Available at: https://www.infosecurity-magazine.com/opinions/real-estate-prime-target-1-1/ [Accessed on: 24 September, 2020].

Marie-Noëlle Brisson, C.R.E., Doggendorf, D. and Savoie, M. 2019. Cybersecurity of Building Technology: Smart Cities and Smart Buildings Require Smart Protection. Real Estate Issues, 43(1).

Mu, Z. and Li, X., 2019. Analysis and design of property management system based on B/S. In 2019 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS) (pp. 381-384). IEEE.

Real Estate. n.d. Australian property management. [Online]. Available at: https://www.realestate.com.au/agency/australian-property-management-AEYSOX [Accessed on: 24 September, 2020].

Tounsi, W. and Rais, H. 2018. A survey on technical threat intelligence in the age of sophisticated cyber attacks. Computers & security, 72, pp.212-233.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help