
Assessment Description


Answer all the questions below. You should compile a well-constructed, formally written report of no more than 2,000 words that encompasses industry standards and fundamental digital security best practices. The assignment will specify a different scenario on which to base the context of your answers.

Whilst your target audience has some level of IT knowledge, they have employed you as the subject expert. Answers to each question should be provided at a level of technical detail sufficient for that target audience in the given scenario. You should apply the knowledge gained from the lectures, and complement this with your own research, in order to demonstrate an understanding of the subject material, explaining the technology and how it applies to the context of the given scenario and providing suitable examples where appropriate.


Question 1: Computer Misuse Act (15 Out of 100) [~ 400 words]


You have just started a new job at Ruskin University as a security specialist. Ruskin University has established a new branch in Ipswich and has hired over 200 new members of academic and non-academic staff. The new members of staff are hired from different countries with different backgrounds, rules, regulations, and security practices. This raises concerns about the security awareness of the new personnel and their understanding of digital offences in the United Kingdom. As your first task, you have been asked to promote the security awareness of your new colleagues by creating an educational brochure that outlines the UK Computer Misuse Act 1990.

Your brochure should include the following:

The various computer misuse offences under the CMA, with extensive details and examples related to the university environment. Details of each offence must be adapted and reinterpreted for the university environment.

Jurisdiction for computer misuse offences under the Computer Misuse Act.

IMPORTANT: Your solution must be adapted to the university environment and use cases.


Question 2: Risk Assessment (15 Out of 100) [~ 400 words]


You have been asked to conduct both quantitative and qualitative risk assessments for Ruskin University. Describe the steps that you must take to conduct a risk assessment. Use the following imaginary network topology as a baseline to estimate the Ruskin University digital assets (hardware, software) and their average monetary values. Try to identify THREE security threats that might be critical to Ruskin University digital assets. Form your quantitative and qualitative risk assessment based on those security threats and offer mitigation plans for each.


Figure 1: Ruskin University Network Topology


Question 3: Cryptography (20 Out of 100) [~ 400 words]


At Ruskin University, you are responsible for safeguarding and protecting the sensitive and personal information of students and staff.

3.1 Outline how and where symmetric and asymmetric cryptography can contribute to the security of communications at Ruskin University. (Your solution must be technical, and it should be adapted to the University environment and use cases. Elaborate your solution with examples, and provide a comparison if required.)

3.2 Outline the possible risks and attacks that can be mitigated through various cryptographic frameworks. (Your solution must be technical, and it should be adapted to the University environment and use cases. Elaborate your solution with examples.)

3.3 Outline how PKI and Digital Certificates contribute to the security of the communications at Ruskin University. (Your solution must be technical, and it should be adapted to the University environment and use cases. Elaborate your solution with examples.)

3.4 Outline how your solutions at 3.1, 3.2 and 3.3 deliver the CIA and AAA frameworks.


Question 4: Incident Response Plan (15 Out of 100) [~ 400 words]


You have been asked to develop an Incident Response Plan for Ruskin University to protect the university assets and safeguard business continuity in the case of a disaster, cyber-attack, or critical failure. Elaborate your solution based on NIST’s Computer Security Incident Response lifecycle.

NIST’s computer security incident handling guide can be found here:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

IMPORTANT: Your solution must be technical, and it should be adapted to the university environment and use cases. Elaborate your solution with examples.


Question 5: OWASP Secure Coding (15 Out of 100) [~ 400 words]

You have switched your job and now you are working as a security specialist in a software development company. Your company has recently signed a new contract with Anglia Council to develop a new, highly secure, cloud-based office management/accounting software system capable of handling highly confidential resident information, financial transactions, and their tax records. The system should allow residents to log in to the system, upload and download documents, fill in online forms, contact consultants, and make online payments.


Your first task is to make sure all developments in this project are secure and meet software security principles and guidelines.

Create a secure coding checklist for the various components of the office management/accounting software by adopting the OWASP secure coding practices. Provide case-study related descriptions and examples. You can find the OWASP secure coding practices here:

https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf

Using the OWASP Top 10 security risks, identify five different attacks to which the office management/accounting software might be vulnerable. Provide case-study related descriptions and examples. You can find the OWASP Top 10 security concerns here:

https://owasp.org/www-project-top-ten/