Cmgt 400 - Security Threat Assessment
Autor: kingkutty • February 11, 2013 • Research Paper • 1,561 Words (7 Pages) • 1,834 Views
Security Threat Assessment
CMGT/400
January 29, 2013
Vijay Jonnalagadda
Security Threat Assessment
Introduction
The purpose of this paper is to describe potential risks and security threats faced today at Chase Bank, one of the world’s largest banking institutions. The author will describe potential risks associated with the information and the related vulnerabilities within the banking organization as well as identifying the forces that drive each threat and the related vulnerabilities presented by each threat.
DDoS Attacks
One of the most prevalent risks that JPMorgan Chase faces today are organized Distributed Denial of Service (DDoS) attacks against its online customer site. A DDoS attack is an attempt to make a website or network unavailable to its’ intended users. According to "DDoS Attacks Against U.S. Banks Peaked At 60 Gbps" (2012), “A group calling itself ‘Izz ad-Din al-Qassam Cyber Fighters’ launched a series of DDoS attacks against the websites of several U.S. banks during September and October (2012), severely disrupting online and mobile banking services for extended periods of time.” These DDoS attacks happened in late 2012 and the group has promised more attacks against U.S. banking institutions including JP Morgan Chase.
DDoS attacks are getting more and more serious to the point that Arbor Networks has speculated about the possibility of a “DDoS Armageddon”. They are referring to a DDoS attack so huge that it can possibly take down the entire internet. JP Morgan Chase will need to continue to assess the risk of DDoS attacks and continue to protect its sites from them.
It has been stated that there is no risk to customer information from DDoS attacks however the availability of the customer website is a huge concern for the company. There is also a possibility of a group using a DDoS attack as a smoke screen for hacking customer accounts. In other words, the DDoS attack can be used as a distraction while real damage is being done. The FBI has warned the public to be aware of DDoS being used in this manner. It’s possible that while a DDoS attack is happening, money can be wired out from the bank and the DDoS attack can prevent the funds from being wired back before being funneled elsewhere.
Phishing and Malware
Phishing is defined as “The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.” Phishing has become more and more sophisticated and attempts
...