Information security

Assignment Help Computer Network Security
Reference no: EM13780001

Information Security

Module Overview:

A computer forensics investigator needs to develop an understanding about security standards and formal procedures within an organisation. This module will provide knowledge in addressing issues around security in the organisational environment. This module aims to introduce the main concept areas around information security and assurance.

Learning Outcomes:

On successful completion of this module, you will be able to:

1. Evaluate the available techniques to secure and manage an information system in a corporate environment.

2. Understand the challenges and evaluate the risks in managing the security of an information system

3. Critically analyse using a threat and risk assessment.

Assignment Part 1 (50%)

Your report should be up to 2,000 words in total.

Title: Security Issues

Assignment

This assignment assesses learning outcome 1:

  • Evaluate the available techniques to secure and manage an information system in a corporate environment.

This will be a report-based assignment, where you will discuss and evaluate issues in information security. Specifically, you must attempt the following tasks...

(a) Describe and critically evaluate the information security techniques available to secure the hardware and operating system platform that supports higher-level applications.

(b) Describe and critically evaluate the information security techniques available to a database administrator, including the tools and technique available to examine historical user actions.

(c) Describe and critically evaluate the information security techniques available to a network engineer in configuring web and email communications, including the option of anonymous communication.

For each task you should be prepared to do your own further research to find additional explanations, diagrams or examples that support or extend the techniques covered in the unit or perhaps alternative techniques not raised in the unit. In either case, as well as describing the technique, you must clearly evaluate its strengths, weaknesses and suitability.

You must fully cite and reference all material you use via the Harvard referencing notation.

Marking scheme

This report will be marked against four distinct criteria...

Technical Knowledge (40%)

This aspect covers the depth, clarity and quality of your technical explanations - which can be drawn from the material in this unit but should be expressed in your own words and using your own examples. Only students showing clear and strong evidence of going beyond the unit materials will get very high marks (see next criterion). The inclusion of good-quality, well-annotated diagrams to support your technical narrative will gain bonus marks.

Research (30%)

This aspect covers the amount, range and quality of wider reading - as evidenced by the citations and references - plus your summary and evaluation of how that new-found knowledge aligns with (or maybe contradicts) the ideas presented in this unit. The quality of Harvard referencing will also be a factor. For good marks here, try and get beyond simple web searches. It is fine to use (good-quality) websites but also incorporate high-quality textbooks and more academic sources such as journal articles and conference papers. Seek advice from the library if needed. Also get a guide to Harvard referencing.

Critical Analysis (20%)

This aspect covers the level to which you go beyond simple explanation ('what it does' issues) and move into evaluation and analysis ('why/why not and when to use' issues). Good marks will be awarded for detailed insights on the strengths and weaknesses of each technique, plus comments upon the most suitable situations to apply these techniques (and when not to).

Presentation & Writing (10%)

This aspect covers issues such as the general quality of writing and spelling, good presentation, neat layout, inclusion of quality diagrams, tables and other non-text items plus evidence of a logical flow and coherence to the whole report (clear introduction, well-structured main body and a firm summary and conclusion).

End of Assignment - Part 1

Part 2 is covered below...

Assignment Part 2 (50%)

Your report should be up to 2,000 words in total

Title: Security Case Study Report

Assignment

This assignment assesses learning outcomes 2 and 3:

  • Understand the challenges and evaluate the risks in managing the security of an information system
  • Critically analyse using a threat and risk assessment.

This will be based on a case study, in which you will demonstrate your ability to manage an information system and conduct threat and risk assessment.

CASE STUDY

'Dog World' is a very successful retailer of all things related to dogs - from canine health care products, dog toys & chews through to dog food & supplements to in-house vet advice and dog books/DVDs. They also have a community bulletin board where local business can advertise canine services (like dog walking or grooming) and local people can advertise puppies for sale or dogs that need re-homing. Each store has a local paper-based board.

The company operates a national chain of 100 out-of-town retail stores plus its own successful website called www.dogworld.com which operates a full e-commerce facility backed up by a multi-terabyte database. The website supports a national (and often international) dog-lovers community chat forum. The website also runs paid-for adverts from other companies in the dog sector.

Each local store has a manager and between 10-15 staff, each with varying degrees of access to the company IT systems. For example, a junior-level sales assistant can only log onto the EPOS (electronic point-of-sale) terminals to make sales (cash or card) and pull up prices and product details. They cannot delete or modify anything nor make refunds. Supervisor level staff can do all this plus make refunds but nothing else. Only managers can modify product data or prices - perhaps because of a local temporary sales event.

All EPOS systems are linked to the central corporate data centre where the central IT team are responsible for uploading and maintaining all product and pricing data and for developing and maintaining the corporate website.

Every member of staff - from local sales assistant to chief executive has email access and their own email address using the format [email protected] - so for example, the chief executive uses [email protected].

The chief executive of Dog World has become very concerned recently about two data theft incidents. Firstly, some confidential corporate data has found its way into the public domain (which could be abused by competitors and suppliers) and secondly, several thousand sets of customer records have been hacked - including personal and card payment details. This latter attack has not been publicized but could obviously seriously damage the company image. The in-house IT staff lack the necessary technical knowledge and skills to get on top of this security problem - much to the annoyance of the chief executive.

So to address this potentially disastrous situation form escalating, the chief executive has contracted you - an information security consultant - to advise him on how to secure the corporate data assets and to highlight and evaluate the different types of threat (internal or external) that the company faces and how to contain or eliminate those risks. You will thus produce a threat & risk assessment, supplemented by recommended solutions and actions.

Specifically, the chief executive has requested that your report covers the following areas:

(a) A brief summary of the 'data architecture' of the company - how/where data is captured, where it is transmitted to/from (and how), where it is stored and how/where it is backed-up and audited. A clearly annotated diagram would greatly help here. (Worth 10%)

(b) A detailed breakdown of all possible 'access points' into that data architecture - both internally by staff at different levels/roles/sites and externally by third parties (customers, competitors, suppliers and malicious attackers). What data can they see and what can they do? (Worth 20%)

(c) A detailed analysis of what risks each 'access point' presents - how could any person (internal or external) exploit that access point for malicious reasons? What damage could they do via that access point? (Worth 20%)

(d) A detailed set of solutions and actions for each identified risk - so as to minimize or ideally eliminate that risk, even if the access point cannot (or perhaps should not) be closed itself. Such solutions and actions could be technical, social, legal, managerial or procedural. (Worth 30%)

(e) A comparison of the company's present and recommended security plan as compared against industry standard IT security frameworks or benchmarks. How well does the company compare now against the best and how will it compare once all your solutions and actions are implemented? (Worth 20%)

See below for the marking scheme and further advice...

The above provides a basic outline of the company. It is expected that you will have to supplement this case study with your own intelligent assumptions and additional research. You must fully document and explain all such assumptions and fully reference any external sources you use via the Harvard referencing system.

Marking scheme

(a) A large, clearly annotated diagram is clearly needed here. It should include all hardware, data communications and servers. This is one aspect where research and intelligent extensions/assumptions come into play. Worth 10%

(b) An 'access point' is defined as any interaction opportunity between the corporate data (including customer personal & card data) and a human user - who could be a member of staff in a local sore, a member of staff at central IT or corporate HQ, an external member of the public looking on the website, an attacker probing the website etc. For each you should list all legitimate access rights and all potential or illegitimate actions. A table may be best to display all this work. Worth 20%

(c) The risks could be accidental data loss or damage to outright hostile and malicious attack - internally or externally. Using the ideas presented in the unit plus your own research, itemize each risk - real or potential - for each type of user and access point. Again, perhaps a tabular layout would help here. Worth 20%

(d) The recommended solutions and actions can come from ideas presented in the unit but for a high mark on this criterion you are strongly advised to conduct your own private research. Every risk should be aligned with a solution or action. Worth 30%

(e) This task firstly demands that you research what IT security frameworks and standards are out there in the real world and then compare the present case study - before and after implementing your recommendations - against these findings. For example, in the unit we discuss a set of guidelines for cloud-based data security. Your job is to find others. Worth 20%

 

 

Reference no: EM13780001

Questions Cloud

Discrimination of younger individuals in the united states : Conduct research, and discuss legislation that has been passed regarding age discrimination of younger individuals in the United States and other countries?
Describe the process of normalization : 1. Describe what a relational database is and why relational databases are needed. 2. Describe the process of normalization and why it is needed.
Define the vpn implementation : explain the differences in attributes you would choose for a pharmaceutical company creating the latest groundbreaking drugs for the consumer market as opposed to the VPN implementation at a private college.
Biological aspects of chronic diseases : Prior to completing this discussion, read the Schneiderman (2004) article, "Psychosocial, Behavioral, and Biological Aspects of Chronic Diseases," and review any relevant Instructor Guidance.
Information security : A computer forensics investigator needs to develop an understanding about security standards and formal procedures within an organisation. This module will provide knowledge in addressing issues around security in the organisational environment. T..
Legal custody of grandchildren : Discuss the factors that influence the decision to assume legal custody of grandchildren. What social supports and interventions exist for custodial grandparents?
Options for accomplishing this goal in lawful manner : What are some options for accomplishing this goal in a lawful manner? How should employers who need employees to be on-call structure these arrangements to conform with the law while minimizing overtime liability?
How did the bretton woods system operate : How did the Bretton Woods system operate? What caused its collapse? Some think the current system of managed but floating rates is too unstable. What would generate the instability?
Identify a current event or contemporary social issue : Identify a current event or contemporary social issue that involves human freedom. Your issue must be broad enough to sustain deep philosophical analysis and must have relevance to your community.

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd