SBM4304 IS Security and Risk Management, Assignment 3: Applied project

    SBM4304 IS Security and Risk Management
    Semester 2, 2018
    Assignment 3: Applied project
    Due date: Week 13
    Group/individual: Individual assignment
    Word count: 2500
    Weighting: 50%
    Unit learning outcomes: [ULO1], [ULO2], [ULO3], [ULO4], [ULO5], [ULO6], [ULO7]
    Rationale
    Students are required to submit a report on their investigation and laboratory activities
    related to security audits, controls, and business continuity planning (BCP). The
    investigation will also cover risk analysis and control, and the tools and techniques
    appropriate to these investigations.
    Task Specifications
    Each student should select an organisation. The organisation must provide information
    systems services to its staff and customers. Write a report that answers the following
    questions about the selected organisation:
    1. One of the most common types of malware in networked information systems is
    ransomware. Discuss the working mechanism of ransomware and illustrate any three tools
    your organisation can use to tackle a ransomware attack.
    2. Network devices are highly exposed and vulnerable. Discuss three types of threats
    against the network routers and switches of the selected organisation. Illustrate how
    these devices are vulnerable to destruction and abuse.
    3. Assume the organisation uses Windows Server 2012 to host the organisation's website.
    Discuss how the organisation can ensure the reliability and availability of the web
    service.
    4. Microsoft Exchange Server is used by the organisation to provide email services to
    the staff. Illustrate the ways the organisation uses to ensure the confidentiality and
    integrity of staff email (with justification and diagrams).
    5. Discuss and prioritise the threats, the possible types of malware, and the security
    issues related to the webmail and web server of the selected organisation.
    6. One of the primary ways to ensure IT business continuity is to provide redundancy
    and fault tolerance. Propose two approaches your organisation can use to improve the
    availability of the email server. Justify your answer with the support of diagrams.
    7. Discuss the impact of employees on the information security of the selected
    organisation. Provide risk management recommendations to reduce employee-related risk.
    8. Illustrate how log records, including security, access, and event logs, can help in
    monitoring and analysing web server and email server problems.
    9. Discuss in detail how audit log reports can be useful for performing audit
    analysis, supporting the organisation's internal investigations, and identifying
    operational trends and long-term problems, in particular for email and web server
    issues.
    10. Propose, with justification, five types of network security devices that can be
    used to control security and mitigate threats related to the web and email servers.
    You may need to make some assumptions with the required justifications.
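    As an added illustration for task 8 (written for this page; it is not part of the assignment brief and not Microsoft's code), the block below parses IIS W3C extended access logs, the format IIS on Windows Server 2012 writes by default, and runs two checks a practitioner would apply to them: a burst of 401/403 responses from a single client IP (a password-guessing run against a login endpoint such as Outlook Web App) and repeated 5xx responses on one URI (a failing application handler). The log lines, IP addresses, usernames and the five-failure threshold are constructed assumptions for the example; the parser takes its column names from the `#Fields:` directive so it also works on real IIS logs with a different field selection.

```python
"""Added example: mining IIS W3C extended access logs for two problem signatures.
The sample log, addresses and the failure threshold are constructed assumptions."""
from collections import Counter, defaultdict

# Constructed sample modelled on IIS 8 (Windows Server 2012) output. Column names
# come from the #Fields directive, so the parser is not tied to this exact layout.
# The last line is deliberately truncated to exercise the malformed-line path.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Version: 1.0
#Date: 2018-09-10 08:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2018-09-10 08:00:01 10.0.0.5 GET /index.html - 443 - 203.0.113.7 Mozilla/5.0 200 0 0 15
2018-09-10 08:00:02 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.7 Mozilla/5.0 401 0 0 12
2018-09-10 08:00:03 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.9 curl/7.58.0 401 0 0 9
2018-09-10 08:00:04 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.9 curl/7.58.0 401 0 0 8
2018-09-10 08:00:05 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.9 curl/7.58.0 401 0 0 8
2018-09-10 08:00:06 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.9 curl/7.58.0 401 0 0 9
2018-09-10 08:00:07 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.9 curl/7.58.0 401 0 0 8
2018-09-10 08:00:08 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.9 curl/7.58.0 401 0 0 9
2018-09-10 08:00:10 10.0.0.5 GET /api/orders - 443 jsmith 203.0.113.7 Mozilla/5.0 500 0 0 1203
2018-09-10 08:00:11 10.0.0.5 GET /api/orders - 443 jsmith 203.0.113.7 Mozilla/5.0 500 0 0 1187
2018-09-10 08:00:12 10.0.0.5 GET /favicon.ico
"""


def parse_w3c(text):
    """Return (records, malformed): one dict per data line keyed by the #Fields
    names, plus a count of data lines whose column count did not match the header.
    Directive lines (#Software, #Version, #Date) carry no request data and are skipped."""
    fields, records, malformed = None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS re-emits this whenever the field set changes
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data line seen before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            malformed += 1
            continue
        records.append(dict(zip(fields, values)))
    return records, malformed


def auth_failures_by_ip(records, threshold=5):
    """Client IPs with at least `threshold` 401/403 responses: the access-log
    signature of password guessing against a login endpoint. The threshold is
    an assumed tuning value, not a standard."""
    counts = Counter(r["c-ip"] for r in records if r["sc-status"] in ("401", "403"))
    return {ip: n for ip, n in counts.items() if n >= threshold}


def server_errors_by_uri(records):
    """5xx responses grouped by URI, with the average time-taken in milliseconds,
    which helps separate a crashing handler from one that is merely slow."""
    timings = defaultdict(list)
    for r in records:
        if r["sc-status"].startswith("5"):
            timings[r["cs-uri-stem"]].append(int(r["time-taken"]))
    return {uri: {"count": len(t), "avg_ms": sum(t) // len(t)} for uri, t in timings.items()}


def report(text, threshold=5):
    """Single-pass summary of a log file: volume, parse quality and both findings."""
    records, malformed = parse_w3c(text)
    return {
        "records": len(records),
        "malformed": malformed,
        "auth_failures": auth_failures_by_ip(records, threshold),
        "server_errors": server_errors_by_uri(records),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    On a real server the same functions run over the files under the IIS LogFiles directory. One caveat when interpreting the result: `c-ip` is the address of the immediate TCP peer, so behind a load balancer or reverse proxy every request will appear to come from that device unless the proxy's forwarded-client header is also logged.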
    Report Layout
    The report should be organised using the following headings and guidelines:
    1. A Cover Title Page
    2. Introduction
    – should clearly define the aims and objectives of the report.
    3. Ransomware threats against the organisation's information systems.
    a. Working mechanism of ransomware
    b. Three tools to tackle a ransomware attack
    4. Threats against network routers and switches.
    – How routers and switches are vulnerable to destruction and abuse.
    5. Discussion on how the organization can ensure the reliability and availability of the web
    service.
    6. The ways to ensure confidentiality and integrity of the staff email.
    7. Discussion and prioritisation of the threats, possible types of malware, and security
    issues related to the webmail and web server.
    8. Proposal of two approaches to improve the availability of email servers. (with
    justification and diagrams).
    9. Impact of human factors and organisational issues on IS-related security and risk
    management.
    – Risk management recommendations.
    10. Illustration of the use of log records, including security, access, and event logs, in
    monitoring and analysing web server and email server problems.
    11. Detailed discussion of the use of audit log reports for performing audit analysis,
    supporting the organisation's internal investigations, and identifying operational trends
    and long-term problems, in particular for email and web server issues.
    12. Proposal of five network security devices to control security and mitigate threats
    related to the web and email servers.
    13. Conclusions and Recommendations
    – A summary of your findings and your recommendations regarding security and risk
    management.
    14. References
    Marking Criteria
    SBM4304 IS Security and Risk Management
    Semester 2, 2018
    Worth 50%
    Student ID:                      Student Name:

    Each assessment attribute is marked at one of five levels of attainment: Fail, Pass,
    Credit, Distinction, High Distinction.

    Introduction (10%)
      Fail: This is not relevant to the assignment topic.
      Pass: Some relevance and briefly presented.
      Credit: Generally relevant and analysed.
      Distinction: Topics are relevant and soundly analysed.
      High Distinction: All topics are pertinent and covered in depth. Ability to think
        critically and source material is demonstrated.

    Demonstrate why IS are vulnerable to destruction, error, abuse, and system quality
    problems (10%)
      Fail: Inadequate understanding of why IS are vulnerable to destruction, error, abuse,
        and system quality problems; cannot discuss concepts in own words.
      Pass: Basic knowledge only of why IS are vulnerable to destruction, error, abuse, and
        system quality problems; limited depth of basic concepts.
      Credit: Exhibits breadth and depth of understanding of why IS are vulnerable to
        destruction, error, abuse, and system quality problems.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of why
        IS are vulnerable to destruction, error, abuse, and system quality problems.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of why IS are vulnerable to destruction, error, abuse, and system
        quality problems.

    Identify and manage organizational level IS-related security and risks (10%)
      Fail: Inadequate understanding of organizational level IS-related security and risks;
        cannot discuss concepts in own words.
      Pass: Basic knowledge only of organizational level IS-related security and risks;
        limited depth of basic concepts.
      Credit: Exhibits breadth and depth of understanding of organizational level IS-related
        security and risks.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of
        organizational level IS-related security and risks.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of organizational level IS-related security and risks.

    Compare general management controls and application controls for IS (10%)
      Fail: Inadequate understanding of general management controls and application controls
        for IS; cannot discuss concepts in own words.
      Pass: Basic knowledge only of general management controls and application controls for
        IS; limited depth of basic concepts.
      Credit: Exhibits breadth and depth of understanding of general management controls and
        application controls for IS.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of
        general management controls and application controls for IS.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of general management controls and application controls for IS.

    Develop and document IS/IT risk and security management plans (10%)
      Fail: Inadequate understanding of IS/IT risk and security management plans; cannot
        discuss concepts in own words.
      Pass: Basic knowledge only of IS/IT risk and security management plans; limited depth
        of basic concepts.
      Credit: Exhibits breadth and depth of understanding of IS/IT risk and security
        management plans.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of IS/IT
        risk and security management plans.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of IS/IT risk and security management plans.

    Evaluate the IS-related security and risk management techniques required to ensure the
    reliability, confidentiality, availability, integrity and security of digital business
    processes (10%)
      Fail: Inadequate understanding of IS-related security and risk management techniques
        required to ensure the reliability, confidentiality, availability, integrity and
        security of digital business processes; cannot discuss concepts in own words.
      Pass: Basic knowledge only of IS-related security and risk management techniques
        required to ensure the reliability, confidentiality, availability, integrity and
        security of digital business processes; limited depth of basic concepts.
      Credit: Exhibits breadth and depth of understanding of IS-related security and risk
        management techniques required to ensure the reliability, confidentiality,
        availability, integrity and security of digital business processes.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of
        IS-related security and risk management techniques required to ensure the
        reliability, confidentiality, availability, integrity and security of digital
        business processes.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of IS-related security and risk management techniques required to ensure
        the reliability, confidentiality, availability, integrity and security of digital
        business processes.

    Critique the importance of auditing IS and safeguarding data quality (10%)
      Fail: Inadequate understanding of the importance of auditing IS and safeguarding data
        quality; cannot discuss concepts in own words.
      Pass: Basic knowledge only of the importance of auditing IS and safeguarding data
        quality; limited depth of basic concepts.
      Credit: Exhibits breadth and depth of understanding of the importance of auditing IS
        and safeguarding data quality.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of the
        importance of auditing IS and safeguarding data quality.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of the importance of auditing IS and safeguarding data quality.

    Appraise the general impact of human factors and organizational issues on IS-related
    security and risk management (10%)
      Fail: Inadequate understanding of the general impact of human factors and
        organizational issues on IS-related security and risk management; cannot discuss
        concepts in own words.
      Pass: Basic knowledge only of the general impact of human factors and organizational
        issues on IS-related security and risk management; limited depth of basic concepts.
      Credit: Exhibits breadth and depth of understanding of the general impact of human
        factors and organizational issues on IS-related security and risk management.
      Distinction: Exhibits accurate and detailed breadth and depth of understanding of the
        general impact of human factors and organizational issues on IS-related security and
        risk management.
      High Distinction: Displays exceptional understanding of concepts and their practical
        application of the general impact of human factors and organizational issues on
        IS-related security and risk management.

    Written Communication skills (10%)
      Fail: Proposal lacks structure.
      Pass: Most components present.
      Credit: Components present and mostly well integrated.
      Distinction: All elements are present and very well integrated.
      High Distinction: All elements are present and very well integrated.

    Citation of sources and list of references (10%)
      Fail: Lacks consistency with many errors.
      Pass: Sometimes clear referencing style.
      Credit: Generally good referencing style.
      Distinction: Clear referencing style.
      High Distinction: Clear styles with excellent source of references.

    TOTAL MARKS: 100%                Total Marks Obtained:
    Comments:
    Lecturer:                Location:                Date:
