SBM4304 IS Security and Risk Management
Assessment 3: Applied Project
Assessment Details:
This assessment is designed to assess your technical skills in investigating IS security, risk threats and management for an organization. It also assesses your skills in evaluating risk management techniques and IS auditing. You are required to select an organization that uses information systems to perform daily business operations. You have to identify the most valuable assets of the organisation and investigate the security threats and mitigation techniques. You also have to propose/evaluate the risk management techniques adopted by the selected organization to ensure reliability, confidentiality, availability, and integrity. You also have to discuss the audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.
Task Specifications
This assessment includes two tasks as follows:
Task-1:
Assume you are working at the MBC TV broadcasting organisation. MBC allows employees to use their own computing devices, such as smartphones, laptops and tablet PCs, for work in addition to or instead of organisation-supplied devices. The MBC organisation provides information systems services to staff and customers. You have to write a report answering the following questions related to the selected organization:
- Mobile devices are highly vulnerable and can be exposed. Discuss two types of threats against mobile devices. Illustrate how these devices are vulnerable to destruction and abuse.
- Propose with justification two types of security protection techniques for mobile devices and how they can be used to mitigate threats.
- Assume the MBC organization uses a Linux web server (Apache) to host the organization's web site. Discuss how the organization can ensure the availability of the web service using the Linux web server.
- Discuss the impact of employees on the information security of the MBC organization. Provide risk management recommendations to reduce the risk posed by employees when they use mobile devices for work.
- Linux servers are supported by different tools for auditing. Illustrate Linux server auditing tools and discuss how they can be used by the selected organization to monitor and analyze web server and email server problems.
You may need to make some assumptions with the required justifications. Please note that you have to use the Harvard reference style.
Task-2:
Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data. In this task you have to understand access control lists (ACLs) and file system security using Linux. You have to demonstrate the method and commands for completing the following tasks using Linux:
- Demonstrate the way of creating two directories ‘{StudentID1}’ and ‘{StudentID2}’ under the main directory ‘SBM4304’, where StudentID1 and StudentID2 are the student IDs of two students. Illustrate the command(s) that can be used to set full access to the SBM4304 directory.
- Demonstrate the way of creating three users, {u1}, {u2} and {u3}, where u1, u2 and u3 are the first names of three students.
Illustrate the commands available in Linux to create directories and users and to set and view the required permissions. In your report, you have to provide the commands you used while carrying out the requirements of Task-2.
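The Task-2 steps as a shell sketch, added here as an example and not part of the original brief: it creates the directory tree, sets and views the permissions, and shows a tighter mode next to the "full access" one. The student IDs, user names, the scratch parent `BASE` and the `APPLY_USERS` switch are placeholders and assumptions.

```shell
#!/bin/sh
# Added example. IDs, names, BASE and APPLY_USERS are placeholders/assumptions.
BASE="${BASE:-$(mktemp -d)}"     # scratch parent so the demo needs no root
ID1="1000001"; ID2="1000002"     # placeholder student IDs
USERS="alice bob carol"          # placeholder first names for u1, u2, u3

make_dirs() {
    # -p creates SBM4304 and both child directories in one call
    mkdir -p "$BASE/SBM4304/$ID1" "$BASE/SBM4304/$ID2"
}

set_full_access() {
    # "full access": read, write and search for owner, group and others
    chmod 777 "$BASE/SBM4304"
}

restrict_to_group() {
    # tighter alternative: owner and group keep rwx, others get nothing
    chmod 770 "$BASE/SBM4304"
}

dir_mode() {
    # octal permission bits of a path (GNU coreutils stat)
    stat -c '%a' "$1"
}

make_users() {
    # useradd needs root, so accounts are created only when APPLY_USERS=1;
    # otherwise the commands are printed for review
    for u in $USERS; do
        if [ "${APPLY_USERS:-0}" = 1 ]; then
            id "$u" >/dev/null 2>&1 || useradd -m "$u"
        else
            echo "useradd -m $u"
        fi
    done
}

make_dirs
set_full_access
ls -ld "$BASE/SBM4304" "$BASE/SBM4304/$ID1" "$BASE/SBM4304/$ID2"   # view permissions
echo "mode after chmod 777: $(dir_mode "$BASE/SBM4304")"
make_users
```

Mode 777 lets every local account create and delete entries in SBM4304; `restrict_to_group` shows the narrower 770 setting for comparison.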
Submission
You have to submit a report in Word format that includes your answers for Task-1 and Task-2. You have to include a cover page with your student ID and full name.
Marking Information: The applied project will be marked out of 100 and will be weighted at 20% of the total unit mark.
| Marking Criteria | Not satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
| --- | --- | --- | --- | --- | --- |
| Introduction (5 marks) | Poor introduction with irrelevant details | Introduction is presented briefly and is missing the report outline | Introduction is generally presented along with the report outline | Introduction is well written, and the report outline is also discussed | Introduction is very well written, and the report outline is also discussed |
| Threats against mobile devices (15 marks) | Poor discussion about threats and not related to mobile devices | Brief discussion about threats and not related to mobile devices | Good discussion about threats related to mobile devices | Well discussion about threats related to mobile devices | Excellent discussion about threats with clear specifications related to mobile devices |
| Security protection techniques for mobile devices (15 marks) | Poor discussion about security protection techniques for mobile devices with irrelevant information | Brief discussion about security protection techniques for mobile devices | Generally good discussion of security protection techniques for mobile devices | Very clear discussion of security protection techniques for mobile devices | A very clear and in-depth discussion of security protection techniques for mobile devices |
| Availability of the web service (10 marks) | Lack of evidence of understanding of availability for web service | Evidence of basic understanding of availability of the web service with limited examples | Evidence of good understanding and identification of techniques to improve the availability of the web service | Very clear understanding and identification of techniques to improve the availability of the web service | Has excellent understanding and identification of techniques to improve the availability of the web service |
| Impact of employee on information security (10 marks) | Lack of evidence of understanding of impact of employee on information security | Evidence of basic understanding of impact of employee on information security | Evidence of good understanding of impact of employee on information security | Very good understanding of impact of employee on information security | Excellent understanding of impact of employee on information security |
| Linux server auditing tools (10 marks) | Lack of evidence of understanding of audit process | Evidence of basic understanding of audit process and not related to the selected sector | Good understanding of audit process with discussion related to the selected sector | Very good understanding of audit process with discussion related to the selected sector | Excellent understanding and demonstration of audit process related to the selected sector |
| Directory creation (10 marks) | Lack of evidence of understanding the Linux commands for directory creation and access | Very brief demonstration of using Linux commands for directory creation and access | Evidence of good understanding and demonstration of using Linux commands for directory creation and access | Very clear understanding and demonstration of using Linux commands for directory creation and access | Excellent understanding and demonstration of using Linux commands for directory creation and access |
| User creation (15 marks) | Lack of evidence of understanding of the process of user creation | Very brief demonstration of using Linux commands for user creation | Evidence of good understanding and demonstration of using Linux commands for user creation | Very clear understanding and demonstration of using Linux commands for user creation | Excellent understanding and demonstration of using Linux commands for user |
| Summary (5 marks) | Summary not relating to the report | Brief summary of the report with some relevance | Generally good summary of the report | A section clearly summarizing the overall contribution | A section very clearly summarizing the overall contribution |
| References using Harvard style (5 marks) | Lacks consistency with many errors | Unclear referencing/style | Generally good referencing/style | Clear referencing/style | Clear styles with excellent source of references |