The report should include the following components:
Phase I: A list of at least ten components of the information system
- POS software
2 POS hardware - Cash drawer
- Bar –code scanner
- Printer
6 Card machine
7 Network devices
8 Hardware for different payment methods
9 Servers and power sources
10 Touch screen or key board
Phase II: A list of at least twenty threats to the different components
Threats to a Point of Sale system (POS)
- POS sofware
a. A hacker can purchase and launch malware attacks on POS systems with out too much effort.
b. POS malwarec an also be easily designed and used to attack multiple businesses systems. - POS hardware
a. Poor installation of the system
not probably maintaining the system - Pin pads
a. Theft of the actual pin pad
b. Theft of customers credit card information - Bar-code scanner
a. Easy to by pass because product just needs to be scanned.
b. Malicious bar code can give access to the keyboard through - Printer
a. If the printer is connected through the wifi, a hacker can connect to it.
b. Documents information theft - Card Reader
a. Skimming the card reader
b. Stealing of customers information. - Network Devices
a. Connection to the network and not having a firewall installed.
b. Anti Virus not installed properly or updated correctly. - Hardware for different payment methods
a. Physical theft of cash in the system
b. Not setting up anti-virus
9.Servers and power sources
a. Any amount of down time during an attack can lead to a potential loss
b. Identity the source of the power they can turn it of
10.Touch screen or keyboard
a The use of a keystroke injection
b. The use of a mouse jack
Phase III: Calculation of the amount of risk of each of these threats
Phase IV: Select the top five threats and identify security controls to address them
The project report should include the following sections:
• Executive Summary
• Overview
• Components of the Information Systems
• Threats
• Risks
• Security controls
• Conclusions