Brief summary of the data architecture of the company

Reference no: EM13778252

Understand the challenges and evaluate the risks in managing the security of an information system.
Critically analyse using a threat and risk assessment.
This will be based on a case study, in which you will demonstrate your ability to manage an information system and conduct threat and risk assessment.
CASE STUDY
‘Dog World’ is a very successful retailer of all things related to dogs - from canine health care products, dog toys & chews through to dog food & supplements to in-house vet advice and dog books/DVDs. They also have a community bulletin board where local businesses can advertise canine services (like dog walking or grooming) and local people can advertise puppies for sale or dogs that need re-homing. Each store has a local paper-based board.

The company operates a national chain of 100 out-of-town retail stores plus its own successful website called www.dogworld.com which operates a full e-commerce facility backed up by a multi-terabyte database. The website supports a national (and often international) dog-lovers community chat forum. The website also runs paid-for adverts from other companies in the dog sector.
Each local store has a manager and between 10-15 staff, each with varying degrees of access to the company IT systems. For example, a junior-level sales assistant can only log onto the EPOS (electronic point-of-sale) terminals to make sales (cash or card) and pull up prices and product details. They cannot delete or modify anything nor make refunds. Supervisor-level staff can do all this plus make refunds but nothing else. Only managers can modify product data or prices - perhaps because of a local temporary sales event.
All EPOS systems are linked to the central corporate data centre where the central IT team are responsible for uploading and maintaining all product and pricing data and for developing and maintaining the corporate website.

The chief executive of Dog World has become very concerned recently about two data theft incidents. Firstly, some confidential corporate data has found its way into the public domain (which could be abused by competitors and suppliers) and secondly, several thousand sets of customer records have been hacked - including personal and card payment details.

This latter attack has not been publicized but could obviously seriously damage the company image. The in-house IT staff lack the necessary technical knowledge and skills to get on top of this security problem - much to the annoyance of the chief executive.
So, to prevent this potentially disastrous situation from escalating, the chief executive has contracted you - an information security consultant - to advise him on how to secure the corporate data assets and to highlight and evaluate the different types of threat (internal or external) that the company faces and how to contain or eliminate those risks. You will thus produce a threat & risk assessment, supplemented by recommended solutions and actions.

Specifically, the chief executive has requested that your report covers the following areas:

(a) A brief summary of the ‘data architecture’ of the company - how/where data is captured, where it is transmitted to/from (and how), where it is stored and how/where it is backed-up and audited. A clearly annotated diagram would greatly help here. (Worth 10%)

(b) A detailed breakdown of all possible ‘access points’ into that data architecture - both internally by staff at different levels/roles/sites and externally by third parties (customers, competitors, suppliers and malicious attackers). What data can they see and what can they do? (Worth 20%)

(c) A detailed analysis of what risks each ‘access point’ presents - how could any person (internal or external) exploit that access point for malicious reasons? What damage could they do via that access point? (Worth 20%)

(d) A detailed set of solutions and actions for each identified risk - so as to minimize or ideally eliminate that risk, even if the access point cannot (or perhaps should not) be closed itself. Such solutions and actions could be technical, social, legal, managerial or procedural. (Worth 30%)

(e) A comparison of the company's present and recommended security plan as compared against industry standard IT security frameworks or benchmarks. How well does the company compare now against the best and how will it compare once all your solutions and actions are implemented? (Worth 20%)

See below for the marking scheme and further advice...

The above provides a basic outline of the company. It is expected that you will have to supplement this case study with your own intelligent assumptions and additional research. You must fully document and explain all such assumptions and fully reference any external sources you use via the Harvard referencing system.
Marking scheme

(a) A large, clearly annotated diagram is needed here. It should include all hardware, data communications and servers. This is one aspect where research and intelligent extensions/assumptions come into play. Worth 10%

(b) An ‘access point’ is defined as any interaction opportunity between the corporate data (including customer personal & card data) and a human user - who could be a member of staff in a local store, a member of staff at central IT or corporate HQ, an external member of the public looking on the website, an attacker probing the website etc. For each you should list all legitimate access rights and all potential or illegitimate actions. A table may be best to display all this work. Worth 20%

(c) The risks could range from accidental data loss or damage to outright hostile and malicious attack - internally or externally. Using the ideas presented in the unit plus your own research, itemize each risk - real or potential - for each type of user and access point. Again, perhaps a tabular layout would help here. Worth 20%

(d) The recommended solutions and actions can come from ideas presented in the unit but for a high mark on this criterion you are strongly advised to conduct your own private research. Every risk should be aligned with a solution or action. Worth 30%

(e) This task firstly demands that you research what IT security frameworks and standards are out there in the real world and then compare the present case study - before and after implementing your recommendations - against these findings. For example, in the unit we discuss a set of guidelines for cloud-based data security. Your job is to find others. Worth 20%


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd