Reference no: EM132909555, Length: word count: 2500
HS3011 Information Security - Holmes Institute
Assessment - Security Hands-On Projects
Students will be able to:
1. Understand the challenges and impact of factors that relate to Information Systems security management.
2. Demonstrate an understanding of security frameworks, models and standards and their application to different business scenarios.
3. Effectively communicate information systems' security concepts and controls to both technical and non-technical stakeholders.
4. Analyse and assess information security risks for business applications and recommend appropriate security mechanisms.
5. Work autonomously as well as within a group to develop a solution to a business scenario.
6. Understand the ICT profession and the expectations of ICT professionals in information security roles.
Assignment Requirements:
You are required to follow the instructions in each project and provide screenshots of the outcomes, in addition to answers to any questions provided.
PROJECT 1: Case Study
Lake Point Consulting Services (LPCS) provides security consulting and assurance services to over 500 clients across a wide range of enterprises in more than 20 states. A new initiative at LPCS is for each of its seven regional offices to provide internships to students who are in their final year of the security degree program at the local college.
Blue Ridge Real Estate is a state-wide residential and commercial real estate company. Because the company was the victim of several recent attacks, Blue Ridge wants to completely change its network infrastructure. Currently the company has a small IT staff, so they have contracted with LPCS to make recommendations and install the new equipment. First, however, they have asked LPCS to give a presentation to their executive staff about network security.
Task:
1. Write a short report to the executive staff about network security. Include:
a. what it is,
b. why it is important, and
c. how it can be achieved using network devices, technologies, and design elements.
Because the staff does not have an IT background, the report cannot be too technical in nature.
2. Blue Ridge has been working with LPCS and is debating whether they should use UTM network security appliances or separate devices (firewall, Internet content filters, NIDS, etc.). Because they appreciated your first presentation, they want your opinion on this subject. Create a memo that outlines the advantages and disadvantages of each approach, and give your recommendation.
PROJECT 2: Case Study
The Information Security Community Site is an online companion to this textbook. It contains a wide variety of tools, information, discussion boards, and other features to assist learners.
• Go to community.cengage.com/Infosec2 and click the Join or Sign in icon to log in.
• Click Forums (Discussion) and
• Click on Security+ Case Projects (6th edition). Read the following case study.
A hospital decided to use cloud computing for processing and storage to save costs. After several months, it was discovered that the cloud provider's storage facilities were compromised and patient information was stolen. The hospital maintained that the cloud provider should be punished and fined for the breach, while the provider responded that it was still the hospital's responsibility under HIPAA to secure patient information and the hospital was ultimately responsible.
Task:
• Who do you think should be responsible? The cloud provider or the hospital?
• If the cloud provider is responsible, then should software companies like Microsoft be held liable for a vulnerability in their software that results in a data breach on a Microsoft server in a LAN?
• Where does the responsibility for the user end and the vendor begin?
PROJECT 3: Web Search Exercises
• Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select "Properties." What can you find out about the cryptosystems and protocols in use to protect this transaction?
• Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.
• Perform a Web search for "Symantec Desktop Email Encryption (powered by PGP Technology)." Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed e-mail to your instructor. What looks different in this e-mail compared with your other e-mails?
• Perform a Web search for "Announcing the Advanced Encryption Standard (AES)." Read this document, which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.
• Search the Web for "steganographic tools." What do you find? Download and install a trial version of one of the tools. Embed a short text file within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?
PROJECT 4: Antennas
To many users, antennas are just one of life's great mysteries. They know from experience that any antenna is better than having no antenna, and that the higher the antenna is located, the better the reception will be. Yet the antenna is arguably one of the most important parts of a wireless network. Antennas play a vital role in both sending and receiving signals, and a properly positioned and functioning antenna can make all the difference between a wireless LAN operating at peak efficiency or a network that nobody can use. Use the Internet to research antennas for APs. Then answer the following questions:
• What different types of antennas are used?
• What are their strengths?
• What are their weaknesses?
• Which types would be used to concentrate a signal to a more confined area?
• Write a one-page paper on what you find.