Communicate a range of threats and vulnerabilities

Reference no: EM133676426

Cybersecurity

Assessment - Case Study Report and Presentation: Identification of the Issues Report

Learning Outcome 1: Investigate and analyse the tenets of cybersecurity

Learning Outcome 2: Identify and communicate a range of threats and vulnerabilities to informational assets

Learning Outcome 3: Recommend and justify robust solutions to identified threats and vulnerabilities to cybersecurity

Learning Outcome 4: Develop own professional practice and ethical standards around security issues and implementation of solutions

Assessment Task

Context

Worthy college (from Assessment 1) has now asked you to investigate their business for cybersecurity flaws.
They are prepared to allow you to view any documents you require, and to analyse any software they employ. You also have access to their servers. You can interview any stakeholders including management, staff, students and other third parties. You can also observe any process in the business you please, if you are not too obtrusive. Worthy College is even prepared to allow pentesting if you need it (beware of doing pentesting without legal agreements and make the business aware of the ethical issues associated with pentesting).
This assessment will be a report on your cyber threat discovery. Again, the assessment will notionally be a business report to Worthy College, but it will require academic rigour. The report will be an outline of the cyber threats you "discover". You can write the report as if your investigation uncovered any threats and vulnerabilities you discuss, including threats inherent in the preliminary description below:
The learning software including the database was implemented many years ago by university graduates. The website was built in PHP and the database queries were written using concatenations of strings, e.g.
string sql = "SELECT * FROM Users where UserID =" + userID;
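To show why the concatenated query above counts as a vulnerability, here is an added example (not part of the original brief or Worthy College's code). It uses Python with an in-memory SQLite database rather than the college's PHP stack, and the table contents, function names and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the college's Users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserID INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_concatenated(db, user_id):
    # Same pattern as the case study: request input becomes part of the SQL
    # text, so the database parses it as SQL syntax rather than as a value.
    sql = "SELECT * FROM Users where UserID =" + user_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # The statement text is fixed; the input is bound as data and is never
    # parsed as SQL, whatever characters it contains.
    return db.execute("SELECT * FROM Users WHERE UserID = ?",
                      (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: reject anything that is not a plain decimal ID
    # before it reaches the (still parameterized) query.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("UserID must be a non-negative integer")
    return lookup_parameterized(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed input: a condition, not an ID
    print("concatenated :", lookup_concatenated(db, crafted))   # every row
    print("parameterized:", lookup_parameterized(db, crafted))  # no rows
    print("validated    :", lookup_validated(db, "2"))          # one row
```

The concatenated lookup returns the whole table for the crafted input, while the parameterized lookup treats the same string as a single value that matches no UserID.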
You find that the network topology is very "flat". Critical services, e.g. email/web/database servers, belong to the same subnet as all other functional departments. Almost all online contact at the physical campus, for staff, students and visitors alike, is over Wi-Fi on their privately owned devices. Visitors can find the SSID and password on the manager's office wall and there is no physical access restriction to the office. Students have complained that wireless access is very slow.
All passwords, both for staff and students alike, are transmitted and stored in their databases as plain text. For staff, authentication relies solely and completely on passwords. No company policy requires staff to periodically change their password or stipulate any rules about password length or complexity. The college encourages staff to work from home. They join the company's internal network with a VPN software application.
The management has not invested much in cybersecurity. No firewall or intrusion detection/prevention system is in place, and the operating systems they use on both the servers and the computers for staff have not been upgraded for many years. IT management consists of just two staff, Kramer and George. Therefore, there is no dedicated team to monitor network traffic or perform periodic maintenance on IT systems.
Worthy College does not implement any access control. Staff may install any software on their computer at work. All files, sensitive or otherwise, are hosted on an FTP server and can be accessed by all staff through an FTP application of their choice. There is currently no effort to develop the staff's awareness of cybersecurity and there are no training sessions to educate staff on cybersecurity.
In initial discussions, Elaine says Worthy College is willing to pay up to $1,300,000 for extra security. The CFO, Jerry Seinfield, was not happy with this budget and seems to think $700,000 is a more realistic figure.

Instructions

Assessment 2 consists of three parts. All three parts are based on the same case study and are a group assessment.

For Assessment 2, form groups of 2 to 3 members. Please read the attached Assessment 2 Group Work Guide document for information on group formation, registration and administration.

You, as a group, are required to submit a 1500-word report to the managers, who do not have a technical background.
Note that you have only 1500 words, and the report for Part A must address only security issues, so DO NOT write any solutions.
Your report must be related to the case study and is not a general discussion on cybersecurity. Statements that are not relevant to the business report will not attract marks.
Structure of the group report:
Title Page: Subject code, subject name, assessment number, report title, word count (actual), student name, student ID, Torrens's email address, learning facilitator's name, and enrolled program (e.g., Bachelor of Business Information Systems). The title page has no page number.
The Table of Contents: It should list the report topics using decimal notation. It needs to include the main headings and subheadings with corresponding page numbers, using a format that makes the hierarchy of topics clear. Create the Table of Contents using Microsoft Word's Table of Contents auto-generator rather than manually typing it out. The table of contents starts on a new page.
Executive Summary (approx. 100 words): This should be a short summary of what was done in the report but written as if to the CEO or board members. It is best written after the rest of the report and should be in the past tense. Often upper management only read the executive summary and so it must be a short overview of what was found and presented in the rest of the report. Long-winded, vague discussions about the importance of cybersecurity in today's world etc. will NOT be accepted.
Body of the report (approx. 1300 words): This is an outline of the structure of the report, but do NOT use generic words such as 'Body of the report' as section headings. Create meaningful headings and subheadings that reflect the topic and content of your report. The body of your report must address the following tasks:
Identify and discuss at least six (6) vulnerabilities that exist in the company's IT infrastructure and operation. For each vulnerability, you will:
Discuss potential threats
Discuss an associated possible attack
Discuss the consequence for the business
Create a Table of Threats and clearly summarise the basic points of identified threats, vulnerabilities, and attacks.
Identify the informational assets that need to be protected and build a business case for management to justify investment in cybersecurity.

Conclusion (approx. 100 words): It briefly states the purpose of the report and the key issues investigated. It is crucial to state major findings based on your research and analysis. Only major findings are needed, and they only need to be covered briefly in the conclusion.
Reference list
All referenced material must be properly cited and referenced, including academic sources, books, magazine sources, web sources, images and any other material that is not your work.
It is expected that students perform additional research and provide a minimum of five additional references in the field of cybersecurity.
At least two of the references MUST be of academic quality (peer-reviewed journal or conference articles).

Case Study Report and Presentation: Recommendation of Solutions Report

Instructions

Review your Assessment 2 Part A submission, especially the vulnerabilities identified.
You, as a group, are required to submit a 2500-word report to the managers, who do not have a technical background.
Your report must be related to the case study and is NOT a general discussion on cybersecurity. Statements that are not relevant to the business report will not attract marks. It is a report to the business following Part A.
Ensure that the recommendations made in the report are specific, actionable, and based on the case study.
Note that Assessment 2 Part B is not a general discussion on cybersecurity. It is a report to the business following Part A.
Structure of the group report:

Title Page: Subject code, subject name, assessment number, report title, word count (actual), student name, student ID, Torrens's email address, learning facilitator's name, and enrolled program (e.g., Bachelor of Business Information Systems). The title page has no page number.

The Table of Contents: It should list the report topics using decimal notation. It needs to include the main headings and subheadings with corresponding page numbers, using a format that makes the hierarchy of topics clear. Create the Table of Contents using Microsoft Word's Table of Contents auto-generator rather than manually typing it out. The table of contents starts on a new page.

Executive Summary (approx. 100 words): This should be a short summary of what was done in the report but written as if to the CEO or board members. It is best written after the rest of the report and should be in the past tense. Often upper management only read the executive summary and so it must be a short overview of what was found and presented in the rest of the report. Long-winded, vague discussions about the importance of cybersecurity in today's world etc. will NOT be accepted.

Body of the report (approx. 2300 words): This is an outline of the structure of the report, but do NOT use generic words such as 'Body of the report' as section headings. Create meaningful headings and subheadings that reflect the topic and content of your report. The body of your report must address the following tasks:

Identify two more vulnerabilities that you "discovered later". Don't go into deep details about these two vulnerabilities.

Update the Table of Threats from Assessment 2 Part A with two extra vulnerabilities (Note: Now the Table of Threats includes eight vulnerabilities in total).

Propose and discuss specific cybersecurity controls (i.e., solutions) to address all eight vulnerabilities identified in the Table of Threats. The cybersecurity controls should focus on the following two areas:

Technical solutions in mitigating against recognised threats and enhancing security

The human factor and a robust company-wide policy framework
Create a Table of Solutions and clearly summarise the cybersecurity control suggestions for all identified vulnerabilities. The resulting table should be short and easy to read as a presentation to management. Make sure to include all eight threats and vulnerabilities in the table with useful headings, including the cybersecurity control techniques. This table will be presented to the business as a recommended future plan.

Conclusion (approx. 100 words): It briefly states the purpose of the report and the key issues investigated. It is crucial to state major findings based on your research and analysis. Only major findings are needed, and they only need to be covered briefly in the conclusion.


Reviews

len3676426

4/15/2024 3:48:57 AM

Hello, it's been a long time, how are you guys? I need your help with this Assessment 2b please. It's related to the Assessment 2a Worthy College case study as well. I will also send the Assessment 2a group work; the reason I send all the work is that no one in my group is doing anything to solve the assessment. Thank you


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd