CMT116 Cybersecurity and Risk Management Assignment

Reference no: EM132415746

CMT116 - Cybersecurity and Risk Management - Cardiff School of Computer Science and Informatics

Assignment

Scenario

A small family-owned book shop has decided to offer online purchasing. With the addition of an online book store, the company aims to reach a broader audience and increase book sales. The website will enable customers to create an account, store their credit card information for future purchases, keep track of their purchasing history, and receive books anywhere within the UK and Europe.

Having heard of numerous companies falling victim to cyberattacks, the company has decided to hire "Secure Applications Ltd", a security consultancy, to test its web application for vulnerabilities. During their investigation:

1) The security analyst found that an SQL query appended to the website's URL was executed by the server, and that customer records could be retrieved this way.

2) The security analyst was able to read files stored on the server, and was able to load a remote script and have the server execute it.

3) The security analyst observed that whenever they entered the line "<script>alert('xss');</script>" in the product search text box, an alert pop-up appeared.
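The three findings above correspond to three well-known web application flaws: SQL injection through a URL parameter, file/remote inclusion through a page parameter, and reflected cross-site scripting in the search box. The following Python is an added illustration for readers of this brief; it is not code from the book shop's site or from Secure Applications Ltd. It assumes an SQLite database, a constructed two-row customer table, and a hypothetical allowlist of page template names; each vulnerable function is shown next to a hardened version so the countermeasure is concrete.

```python
import html
import sqlite3

# Constructed sample data for the demonstration; not the shop's real records.
SAMPLE_CUSTOMERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
]

# Hypothetical allowlist of page templates the "page" URL parameter may name.
ALLOWED_PAGES = {"home", "catalogue", "basket", "account"}


def make_db():
    """In-memory SQLite table standing in for the shop's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


# Finding 1: SQL injection through a URL parameter.
def lookup_customer_vulnerable(conn, customer_id):
    # The value from the URL is pasted straight into the SQL text, so
    # ?id=1 OR 1=1 turns a single-record lookup into a full table dump.
    sql = "SELECT id, name, email FROM customers WHERE id = " + customer_id
    return conn.execute(sql).fetchall()


def lookup_customer_safe(conn, customer_id):
    # Validate the type first, then bind it as a parameter: the value can
    # never be interpreted as SQL, whatever the URL contains.
    cid = int(customer_id)  # raises ValueError on "1 OR 1=1"
    return conn.execute(
        "SELECT id, name, email FROM customers WHERE id = ?", (cid,)
    ).fetchall()


# Finding 2: file access / remote script inclusion via a page parameter.
def resolve_page_vulnerable(page):
    # Returning whatever the client asked for lets it name ../../etc/passwd
    # or http://attacker.example/shell.txt, which an include() would load.
    return page


def resolve_page_safe(page):
    # Map the parameter onto a fixed allowlist; anything else is rejected,
    # so neither local paths nor remote URLs can reach the include.
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page: %r" % page)
    return "templates/%s.html" % page


# Finding 3: reflected XSS in the product search box.
def render_search_vulnerable(term):
    # The search term is echoed into the HTML unescaped, so a <script>
    # tag in the box runs in the customer's browser.
    return "<p>Results for: " + term + "</p>"


def render_search_safe(term):
    # Escape on output so <script> becomes inert text in the browser.
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    print(lookup_customer_vulnerable(conn, "1 OR 1=1"))  # both customers
    print(lookup_customer_safe(conn, "1"))               # only customer 1
    print(render_search_safe("<script>alert('xss');</script>"))
```

Run as a script to see the table dump produced by the injected `OR 1=1`, the single row returned by the parameterised query, and the escaped search term. The same three patterns (parameterised queries, allowlisted includes, output encoding) are the countermeasures a report on these findings would normally propose.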

In terms of existing security measures taken by the company to protect itself from cyberattacks, the analyst observed that anti-virus software was installed on the company server and that each employee had been issued an access card. They also observed that all the servers used to host the website are kept in a room to which all staff have access.

Part 1
1) Write an individual report of no more than 1500 words describing ALL the threats that the company might be exposed to, based on the vulnerabilities discovered and information provided. For each threat identified suggest countermeasures that the company can implement to reduce the risk the company is exposed to.
a. Summarise the problem
b. Identify threats based on the vulnerabilities found and information provided
c. Propose countermeasures to mitigate the risk
d. Considering the nature of the data the company will be handling, it needs to be compliant with the GDPR. What steps does it need to take to comply with the GDPR?

Part 2

2) As a group, conduct a qualitative analysis of the top three threats the company is facing and identify the most appropriate countermeasures to mitigate the risk. Based on your analysis, produce a report for management on the viability of the new business expansion, including how the company should handle the risk arising from the web application. Finally, create a security policy that the company should implement to protect itself from cyberattacks. As a group, submit a single report of not more than 1500 words, summarising:
a. Qualitative risk analysis to identify the most pertinent threats
b. How should the company handle the top three risks arising from the web application?
c. Design of information security policy to implement the risk mitigation strategy

3) In week 12, as a group, give a 5 minute presentation highlighting your recommendations to senior management on how the company should handle risk. The presentation will be timed and students will be cut off after 5 minutes. The presentation should be prepared keeping in mind that it is to be given to senior management, which has a mix of technical and non-technical people. The presentation should include:
a. Overview of the vulnerabilities and threats.
b. Summary of qualitative risk analysis.
c. The proposed solution to handle risk arising from the threats.
d. Overview of security policy designed.
e. Learnings, reflective summary (challenges, achievements etc)
f. A summary of your skills and expertise as a research team (not as individuals).

Learning Outcomes

1. Determine, establish and maintain appropriate information security governance within an organisation.

2. Identify, analyse, evaluate and manage risks related to different components of an information system (i.e. data, people, processes, hardware, software and network) accounting for current threat landscape.

3. Identify and effectively articulate different types of threat to, and vulnerabilities of, information systems to a range of audiences (e.g. top management, end users, non-technical and technical experts).

4. Critically analyse a wide range of security countermeasures, select and justify appropriate security countermeasures to mitigate risks in an information system.

5. Define and implement effective security policies and processes within an organisation; make and sustain an argument; make judgements and propose solutions.

Attachment:- Cybersecurity and Risk Management.rar
