Information Security for Netflix: A Comprehensive SETA Program Implementation Plan, Assignments of Computer Science

A detailed analysis of information security vulnerabilities faced by Netflix, focusing on SQL injection, cross-site scripting, phishing attacks, brute force attacks, and credential stuffing. It proposes a comprehensive SETA (security education, training, and awareness) program as a primary solution to mitigate these threats. It also covers a cost-benefit analysis, an implementation plan, and legal and ethical considerations for the SETA program.

Typology: Assignments

2023/2024

Uploaded on 11/10/2024

Guide4Students

SEC571 Final Project: Netflix

Student Name
Date

Introduction

Maintaining information security requires robust and efficient measures. One approach is a Security Education, Training, and Awareness (SETA) program. This presentation examines several vulnerabilities and then proposes administrative and technical control measures to address them. Additionally, I will present a comprehensive strategy outlining the implementation of the proposed control measure, along with a thorough cost-benefit analysis.

Organization Profile and Problem Statement

Netflix Organization

  • Netflix, created by Reed Hastings and Marc Randolph in Scotts Valley, California, is a subscription-based streaming service. Customers can watch TV and movies commercial-free on an internet-connected device.
  • Founded on August 29, 1997, Netflix began by renting and selling DVDs by mail. After a year, they focused on rentals instead of sales.
  • On May 29, 2002, the company went public at $15 per share. The share price is $445 today.
  • TV series and movies may now be downloaded to iOS, Android, and Windows 10 devices for offline viewing.

Products & Services Cont.

  • Streaming Media
  • Video on demand
  • Film production
  • Film distribution
  • Television production

SECURITY VULNERABILITIES

CWE-79 CROSS-SITE SCRIPTING

  • Failure to neutralize, or improper neutralization of, user-controlled input before it is placed in output that is used as a web page served to other users.
  • In many cases, the attack can start before the target even knows what's happening. Even when users are careful, attackers often use methods like URL encoding or Unicode to hide the bad part of the attack so that the request doesn't look as strange (CWE Team, 2022).
  • Once the attacker has inserted the malicious script, they can do a number of bad things, such as:
      - Send confidential information
      - Send fraudulent requests to a website on the victim's behalf
      - Phishing tactics could be used to make sites look like ones that people trust.
      - The script could take advantage of a weakness in an online browser and take over the victim's computer. This is called “drive-by hacking.”
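The following is an added example, not part of the original presentation. It shows why a filter on raw request text misses input disguised with URL encoding or Unicode, while encoding at the output sink neutralizes it. The function names, the sample strings, and the assumption that the application decodes and NFKC-normalizes input before rendering are all illustrative.

```python
import html
import unicodedata
from urllib.parse import unquote

# Constructed sample inputs: the same harmless test markup, disguised two ways.
URL_ENCODED = "%3Cscript%3Ealert(1)%3C%2Fscript%3E"
FULLWIDTH = "\uff1cscript\uff1ealert(1)\uff1c/script\uff1e"


def blocklist_allows(raw: str) -> bool:
    """Weak control: scan the raw request text for an obvious tag."""
    return "<script" not in raw.lower()


def canonicalize(raw: str) -> str:
    """Decoding assumed to happen later in the request pipeline."""
    return unicodedata.normalize("NFKC", unquote(raw))


def render_unsafe(raw: str) -> str:
    """Vulnerable (CWE-79): canonical input is concatenated into the page as-is."""
    return "<p>" + canonicalize(raw) + "</p>"


def render_safe(raw: str) -> str:
    """Hardened: HTML-encode at the output sink, after all decoding is done."""
    return "<p>" + html.escape(canonicalize(raw), quote=True) + "</p>"


if __name__ == "__main__":
    for sample in (URL_ENCODED, FULLWIDTH):
        print("blocklist allows:", blocklist_allows(sample))
        print("unsafe page     :", render_unsafe(sample))
        print("safe page       :", render_safe(sample))
```

`html.escape` covers HTML body and quoted-attribute contexts only; values placed in script blocks or URLs need the encoder for that context.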

THREAT ANALYSIS

Brute Force Attack

  • This is a hacking method that uses trial and error on a certain login page. This attack is usually done by bots that try to log in to an account over and over again until they succeed. The hacker will check passwords and passphrases over and over until they find the right one.
  • This technique works by figuring out all the possible ways that words could be put together to make a password. The password is then checked to see if it is right. This way of attack takes more time and computing power as the length and complexity of the password increase.
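The following is an added example, not part of the original presentation. It sketches detection logic for the repeated-login pattern described above: a sliding-window count of failed logins per account, with a separate finding when a success follows a burst. The log format, the function name, and the threshold of 3 failures in 60 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; assumed format: "timestamp account source_ip result".
SAMPLE_LOG = [
    "2024-01-05T10:00:01 alice 198.51.100.7 FAIL",
    "2024-01-05T10:00:02 alice 198.51.100.7 FAIL",
    "2024-01-05T10:00:03 alice 198.51.100.7 FAIL",
    "2024-01-05T10:00:04 bob 203.0.113.9 FAIL",
    "2024-01-05T10:00:09 bob 203.0.113.9 OK",
    "2024-01-05T10:00:10 alice 198.51.100.7 OK",
    "2024-01-05T10:05:00 carol 192.0.2.44 FAIL",
    "2024-01-05T10:10:00 carol 192.0.2.44 FAIL",
    "2024-01-05T10:15:00 carol 192.0.2.44 FAIL",
    "2024-01-05T10:20:01 dave 198.51.100.7 FAIL",
    "2024-01-05T10:20:02 dave 198.51.100.7 FAIL",
    "2024-01-05T10:20:03 dave 198.51.100.7 FAIL",
]


def detect_bruteforce(lines, max_failures=3, window=timedelta(seconds=60)):
    """Return {account: finding} for accounts with a burst of failed logins."""
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    findings = {}                  # account -> "burst" or "success_after_burst"
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        ts, account, _ip, result = parts
        when = datetime.fromisoformat(ts)
        recent = failures[account]
        while recent and when - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if result == "FAIL":
            recent.append(when)
            if len(recent) >= max_failures:
                findings.setdefault(account, "burst")
        elif result == "OK" and recent and findings.get(account) == "burst":
            # A success right after a burst suggests the guess succeeded.
            findings[account] = "success_after_burst"
    return findings


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Slow failures spread over minutes (carol) and a single mistyped password (bob) are not flagged; only the bursts are.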

Problem Statement

Verizon's 2022 Data Breach Investigations Report found that the human element was involved in 82% of data breaches; this comprises social attacks, errors, and misuse. Phishing attacks are more likely to succeed because they target basic human responses, such as the urge to open correspondence, especially if it arrives in a work inbox or appears to be from a legitimate source or a coworker (2022 Data Breach Investigations Report, 2022). After users provide the requested information, attackers can obtain their PII or SPI. This can harm the company and produce "personal" issues like identity theft, fraud, and scams. Therefore, all companies should create strong and effective cyber prevention measures.

Security Control Selection

ADMINISTRATIVE CONTROLS

ADMIN. CONTROL OPTION #2 - SETA PROGRAM

Qualitative Analysis

  • Using a Security Education, Training, and Awareness (SETA) Program is a very cost-efficient way to improve security.
  • Implementing a program could be hard.
  • Information security policies, procedures, and best practices should be taught to workers over time.

TECHNICAL CONTROLS