Assessment type: Written assessment, Individual assignment (2,000 words).
Purpose: The purpose of this assessment is to demonstrate student awareness of current industry and research trends in the field of information security. Analyse and evaluate the organizational adoption of security controls. Design solutions for concrete security problems for distributed applications This assessment contributes to learning outcomes c, d.
Submission requirements details: All work must be submitted on Moodle by the due date. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard Anglia referencing style.
Assessment topic: Security Plan and Training Program
Task Details: This assignment requires you to design a security plan based on a given case study. The learning outcomes of this assignment are to recognize the threats that exist in your current or future work place. Through your research, identify the threats, outline security guidelines and develop a robust and pragmatic training programme. You should develop a plan that you would regard as helpful to you, the information user, as well as protecting your organization’s information environment. Use your imagination in combination with a wide-range of material. You are required to complete and submit a security plan based on the following scenario:
Case Study Scenario:
The director of Cyber Café was concerned of the information assurance and network security concerns. The director was concerned that a virus or other forms of cyber-attack could cause extended downtime, which would have a negative impact on morale and productivity. It turned out, there were threats received via email. Law enforcement agencies were notified and the source of the emails was tracked back to one of the Cyber Café Locations. The Law enforcement agencies shut down the Cyber Cafés for 2 days during the investigation. Due to the non-existence of security policies at the Cyber Café, it could not be determined who specifically sent the email. This incident did get the attention of upper management, which made getting approval for most of the recommendations much easier.
There are actually 3 locations that fall under the Cyber Café umbrella. The primary location, known as ECC, consists of 30 workstations and is open 24 hours a day. The second location is inside a food service outlet known as CPC. This location consists of 10 workstations and is open from 1100-2200 daily. The third location is in the library. This location consists of 2 workstations and the hours vary. The Cyber Cafés are located in a very remote location. The nearest computer/electronics store is 7 hours away. Nearly 100% of the local population is either a company employee or works for a contractor supporting company operations. There is a small telephone company that services the area and provides ISP services. The charge for Dial-up Internet access is $.05 per minute. Long Distance phone calls start at $.50 per minute; due to the remote location all extra-company calls are long distance. The Cyber Café offers free Internet access and is the main form of communication between the employees and their friends and family. The availability of these Cyber Cafés has a direct impact on morale and employee productivity.
a) Identify few employees of the organization and conduct interviews to gather information on the major complaints
b) Identify what are the organizational holdings at risk
c) Apart from the threats that has been recognized by the employees develop a list of other possible threats
d) Design a security plan with the details of necessary counter-measures to manage and address the threats
e) Develop a comprehensive information security training and awareness program for the staff personnel of the organization