Reference no: EM132928434, Length: 3000 Words
CIS2005 Principles of Information Security
Security Audit Work Plan / Presentation based on CASE STUDY: Gamble Bet
Course objective 1: analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
Course objective 2: explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail
Course objective 3: demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations.
You will be expected to work collaboratively in developing and discussing your approach to the assignment case study and the required security report and presentation. Regular participation by an individual completing this assignment each week from Monday 7th September until Friday 16th October is expected. An individual will also be required to keep a journal of their activities and progress related to completing this assignment; this journal will form part of the assessment for assignment 3. In date order, clearly list the following:
- date of research activity/discussion
- topics researched or discussed
- time duration of activity.
Submit this journal as an individual as an appendix to the assignment Recommendations report. Any reference to web pages and online resources such as white papers, blogs, wikis etc. should be listed at the end of the journal.
Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided.
Case study - Gamble Bet
Your task
As the IT Security Consultant for HackStop assigned to the GambleBet investigation, you are required to put together a high-level security audit work plan for the bank and GambleBet that outlines your approach and methodologies to: (1) review the security of GambleBet and its key third party service providers, and (2) determine whether GambleBet is the source of the credit card fraud. You are also required to deliver your proposed security audit work plan in a PowerPoint presentation.
The Security Audit work plan should be professionally presented and be concise and to the point. Remember, time is of the essence here and the work plan must be signed off as soon as possible for the actual work to commence. Each day of delay could equate to many more thousands of dollars of fraud incurred by the bank and potentially also by GambleBet.
Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible.
Security Audit Work-plan Report Structure and Requirements (WORD Document):
The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum:
1. Executive Summary: half-page brief outlining the purpose, scope, expectations and outcomes of the proposed plan of work. (250 words)
Structured and ordered work plan phase description, which for each section includes:
2. Background and problem analysis - What went wrong? How was the GambleBet website compromised and how were customer credit card details stolen? (approx. 500 words)
3. Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and the deliverables GambleBet and their bank can expect for each phase of work (e.g., the "deliverable" for a phase of work could be a report containing the results of a vulnerability assessment of GambleBet's server(s) and web applications). (approx. 1000 words)
4. Dependencies and critical success factors for the job - such as the key stakeholders in this security audit: the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don't always get free rein access to systems and other information, and because time is of importance, you won't get long to master the environment. But, as you know, you also cannot always believe everything you are told.) What is key to getting this job done efficiently, and what support do you need to get this done (from GambleBet, NetBest IT Services and Big Frog Software)? (approx. 500 words)
5. Set of recommendations for improving GambleBet's current security practices and ensuring that an appropriate set of controls is put in place. (approx. 750 words)
6. Reference list of key sources in particular technical references which support your approach (Not counted in word count)
Note: in this report and in the accompanying presentation you are encouraged to make use of appropriate figures and tables to emphasise the key points that you are trying to make.
7. A journal of each team member's (for students completing this assignment individually - your) activities in participating and contributing to the completion of the work plan report and presentation.
Suggested Security Audit Work Plan Report Presentation Structure
Developing a Secure Environment for GambleBet in the Future (POWERPOINT):
Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed security audit work plan including a set of recommendations and should contain the following at a minimum:
* 1 Slide for an Introduction outlining your team and the organisation you work for
* 2-3 Slides covering Background and problem analysis: a brief summary of where GambleBet is today in regard to security practices and the controls in place for their web servers and web applications.
* 2-3 Slides covering the Threat Analysis: a summary of the major threats and associated vulnerabilities, and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers and web applications to an acceptable level.
* 2 Slides covering Dependencies and critical success factors for the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done (e.g. internal business stakeholders and key third party service providers such as NetBest IT Services and Big Frog Software).
* 2 Slides covering your proposed set of recommendations for improving the security practices of GambleBet and its key third party service providers, ensuring appropriate controls are in place in relation to their web site and web applications, which are core to their business.
[The following is also to be included. While not part of a "standard" industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken.]
* 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan and business report.
Attachment: Security Audit Work Plan.rar