CMT116 Cybersecurity and Risk Management Assignment

Reference no: EM132415746

CMT116 - Cybersecurity and Risk Management - Cardiff School of Computer Science and Informatics

Assignment

Scenario

A small family-owned book shop has decided to offer online purchasing. With the addition of an online book store, the company aims to reach a broader audience and increase book sales. The website will enable customers to create an account, store their credit card information for future purchases, keep track of their purchasing history, and receive books anywhere within the UK and Europe.

Having heard of numerous companies falling victim to cyberattacks, the company has decided to hire "Secure Applications Ltd", a security consultancy, to test its web application for vulnerabilities. During their investigation:

1) The security analyst found that an SQL query could be executed by appending it to the website's URL, and that one or more customer records could be retrieved this way.

2) The security analyst was able to read files stored on the server, and was also able to load a remote script and execute it.

3) The security analyst observed that whenever they entered the line "<script>alert('xss');</script>" in the product search text box, an alert pop-up appeared.
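The three findings above, reproduced as an added example that is not part of the assignment brief or the consultancy's report: each vulnerable handler sits beside a hardened one so the countermeasure is concrete. The database layout, column names, file names and the in-memory/temporary-directory setup are assumptions made for illustration, and the customer rows and files are constructed sample data.

```python
"""Added example, not part of the assignment brief: each of the three findings
reproduced against a tiny in-memory shop, with the vulnerable handler beside a
hardened one. Table names, columns and file names are assumptions."""
import html
import os
import sqlite3
import tempfile
from urllib.parse import urlparse


def make_db():
    """Constructed sample data standing in for the customer records."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers(id INTEGER, name TEXT, card_last4 TEXT)")
    con.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                    [(1, "Ann", "1111"), (2, "Bob", "2222"), (3, "Cy", "3333")])
    return con


# Finding 1: the value of ?id= is pasted into the statement, so appending
# "1 OR 1=1" to the URL turns a single-record lookup into a full dump.
def customer_vulnerable(con, customer_id):
    sql = "SELECT id, name, card_last4 FROM customers WHERE id = " + customer_id
    return con.execute(sql).fetchall()


# Fix: validate the type and bind the value; the driver never parses it as SQL.
def customer_safe(con, customer_id):
    if not customer_id.isdigit():
        raise ValueError("customer id must be numeric")
    return con.execute("SELECT id, name, card_last4 FROM customers WHERE id = ?",
                       (int(customer_id),)).fetchall()


# Finding 3: the search term is echoed into the page unencoded, so
# <script>alert('xss');</script> runs in every visitor's browser.
def search_page_vulnerable(term):
    return "<p>Results for: " + term + "</p>"


# Fix: encode for the HTML context at output time (quote=True also covers
# attribute contexts). A Content-Security-Policy header is a second layer.
def search_page_safe(term):
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


# Finding 2: a file name taken from the request is joined to the web root
# without checks, so "../secret.txt" walks out of it; an include-style handler
# that accepted "http://..." names would fetch and run remote code the same way.
def serve_file_vulnerable(web_root, name):
    with open(os.path.join(web_root, name), "rb") as fh:
        return fh.read()


# Fix: refuse anything carrying a URL scheme, resolve the real path and
# require it to stay inside the web root.
def serve_file_safe(web_root, name):
    if urlparse(name).scheme:
        raise PermissionError("remote locations are not allowed")
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("path escapes the web root")
    with open(target, "rb") as fh:
        return fh.read()


def make_web_root():
    """Constructed layout: one public file inside the root, one secret beside it."""
    tmp = tempfile.mkdtemp()
    root = os.path.join(tmp, "public")
    os.mkdir(root)
    with open(os.path.join(root, "catalogue.txt"), "w") as fh:
        fh.write("books")
    with open(os.path.join(tmp, "secret.txt"), "w") as fh:
        fh.write("db password")
    return root


if __name__ == "__main__":
    con = make_db()
    print(customer_vulnerable(con, "1 OR 1=1"))   # all three records leak
    print(customer_safe(con, "1"))                # only record 1
    print(search_page_vulnerable("<script>alert('xss');</script>"))
    print(search_page_safe("<script>alert('xss');</script>"))
    root = make_web_root()
    print(serve_file_vulnerable(root, "../secret.txt"))  # the secret leaks
    try:
        serve_file_safe(root, "../secret.txt")
    except PermissionError as err:
        print("blocked:", err)
```

The hardened versions are the countermeasures a report would name for each finding: parameterised queries with input validation for the injection, context-aware output encoding for the reflected XSS, and a canonicalised path check plus a ban on remote locations for the file access and remote-script execution. None of them depends on the anti-virus software or access cards mentioned later in the scenario, which do nothing against flaws in the application itself.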

As for existing security measures taken by the company to protect itself from cyber attacks, the analyst observed that anti-virus software was installed on the company server and that each employee had been issued an access card. They also observed that all the servers hosting the website are kept in a room to which all staff have access.

Part 1
1) Write an individual report of no more than 1500 words describing ALL the threats that the company might be exposed to, based on the vulnerabilities discovered and the information provided. For each threat identified, suggest countermeasures the company can implement to reduce the risk it is exposed to.
a. Summarise the problem
b. Identify threats based on the vulnerabilities found and information provided
c. Propose countermeasures to mitigate the risk
d. Considering the nature of the data the company will be handling, it needs to comply with the GDPR. What steps does the company need to take to comply?

Part 2

2) As a group, conduct a qualitative analysis of the top three threats the company is facing and identify the most appropriate countermeasures to mitigate the risk. Based on your analysis, produce a report for management on the viability of the new business expansion, including how the company should handle the risk arising from the web application. Finally, create a security policy that the company should implement to protect itself from cyber attacks. As a group, submit a single report of not more than 1500 words summarising
a. Qualitative risk analysis to identify the most pertinent threats
b. How should the company handle the top three risks arising from the web application?
c. Design of an information security policy to implement the risk-mitigation strategy

3) In week 12, as a group, give a 5-minute presentation to senior management highlighting your recommendation on how the company should handle risk. The presentation will be timed and students will be cut off after 5 minutes. Prepare it for an audience of senior management that includes both technical and non-technical people. The presentation should include
a. Overview of the vulnerabilities and threats.
b. Summary of qualitative risk analysis.
c. The proposed solution to handle risk arising from the threats.
d. Overview of security policy designed.
e. Learnings and a reflective summary (challenges, achievements, etc.)
f. A summary of your skills and expertise as a research team (not as individuals).

Learning Outcomes

1. Determine, establish and maintain appropriate information security governance within an organisation.

2. Identify, analyse, evaluate and manage risks related to the different components of an information system (i.e. data, people, processes, hardware, software and network), accounting for the current threat landscape.

3. Identify and effectively articulate different types of threat to, and vulnerabilities of, information systems to a range of audiences (e.g. top management, end users, non-technical and technical experts).

4. Critically analyse a wide range of security countermeasures, select and justify appropriate security countermeasures to mitigate risks in an information system.

5. Define and implement effective security policies and processes within an organisation; make and sustain an argument; make judgements and propose solutions.

Attachment: Cybersecurity and Risk Management.rar
