Assessment Description:
Answer all the questions below. You should compile a well-constructed, formal written report of no more than 2,000 words that encompasses industry-standard and fundamental digital security best practices. The assignment will specify a different scenario on which to base the context of your answers. Whilst your target audience has some level of IT knowledge, they have employed you as the subject expert. Answers to each question should be provided at a level of technical detail sufficient for that target audience in the given scenario. You should apply the knowledge gained from the lectures, and complement this with your own research in order to demonstrate an understanding of the subject material, explaining the technology and how it applies to the context of the given scenario, providing suitable examples where appropriate.
Question 1: (40 marks)
You have just started a new role as a security specialist at Ruskin College. The college consists of 5 buildings with over 200 members of staff, 2000 students and more than 1000 terminals across 5 computer labs, the library and staff workstations, as well as one large datacentre including several servers, routers and switches, and network-attached storage. You are responsible for safeguarding and protecting sensitive personal information and digital corporate assets. You must also provide solutions to maintain and promote the organization's digital security infrastructure and security awareness.
Please answer the following questions:
A. As your first task, you have been asked to perform a quantitative risk assessment for Ruskin College. Describe the steps you must take to conduct the risk assessment. Use your creativity to elaborate the details of the college's digital assets and their value.
B. To promote convenience and improve availability, students are allowed to use their personal devices to connect to the college network, eLearning and email system, while instructors and staff are mandated to access the college network, eLearning and email system only through highly regulated and secured university computers. This makes sense, since instructors and staff have higher privileges in the system; a security breach on staff or instructor machines might have catastrophic consequences and jeopardize system integrity.
That being said, the instructors’ Outlook emails are being routinely hit by Klez, a type of worm that propagates via e-mail. Klez uses Microsoft Outlook to spread. It grabs a contact name from the address book, and it uses that name in the email header and then propagates itself to all the people in the address book. When one of the victims executes the malicious file, the worm attempts to disable the antivirus software and spread itself to other systems. Doing so opens the system to an attack from other viruses.
Describe how the college's access security policies contribute to this issue.
Describe how you can mitigate this issue with minimal effect on students' freedom of access.
Describe the security threats and attacks that the college could face with its current access policy.
C. You have been asked to develop a recovery plan for the college infrastructure in case of a disaster or critical failure. Describe what options you have and how these options can safeguard college assets and infrastructure.
D. To further promote security, you've been assigned to implement a private CA structure for your organization. Ruskin College has seven other large branches and facilities throughout the country, and continuity of secure access to college services is extremely important. How would you go about implementing this CA structure? Explain your solution.
E. Describe how cryptography can support the core security principles (CIA and AAA) at Ruskin College.
Question 2: (20 marks)
You have just started a new job at Eagles Hospital as a security consultant. Eagles Hospital has hired over 500 new people during the last year, which raises a concern about the security awareness of the new hospital personnel. As your first task, you have been asked to promote the security awareness of the hospital personnel by briefing your colleagues on the Computer Misuse Act and through some other training workshops.
You should produce a briefing report comprising:
An outline of the computer misuse offences under the Computer Misuse Act, with real-world examples relevant to your organization (the hospital).
A description of how the Act safeguards digital security in a hospital environment.
A description of the consequences of breaking the Act.
Question 3: (20 marks)
You have switched your job once again, and this time you are working as a security specialist in a software development company. The company has recently signed a new contract with a private bank to develop a whole new, highly secure banking software system to handle financial transactions and customers' financial records, as well as online banking.
Your first task is to make sure all development in this project is secure and meets secure software principles and guidelines.
Create a secure coding checklist for the various components of the banking software by adopting the OWASP Secure Coding Practices.
Using the OWASP Top 10 security concerns, identify five different attacks that banking software applications might be vulnerable to.
Quality of Referencing (10 marks)
You are expected to thoroughly and accurately reference your report using the Harvard referencing style expected by Anglia University. The report should contain a minimum of 10 references, with up to 10 marks available for the quality of referencing.
Marks will be deducted for:
lack of referencing in the text
divergence from Harvard referencing style