User Account

All Pages

Information security management assignment

Assignment Help Computer Network Security
Reference no: EM133122530 , Length: word count:2000

Information Security Management

Learning Outcome 1: Select and use applicable standards and methods for information security and risk management.

Learning Outcome 2: Conduct and properly document risk assessment based on a given scenario.

Learning Outcome 3: Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.

Assessment Scenario

A conveyancing & estate service in the UK, CONVXYZ, hired your team to set up their IT network/system. The company provides (i) real estate services for property vendors and buyers and (ii) conveyancing services by their employed lawyers. The goal of the security system is to prevent or minimize the business loss caused by possible incidents, such as malfunction, information stealing, data modification, deletion or destruction, etc., including the recent dangerous conveyancing scams that has several victims recently.

Your colleagues in the team have proposed the first version of the security network architecture depicted in Figure 1. As a person responsible for risk assessment in your team, your task is to conduct a risk assessment on this system.

In Figure 1 the internal network of CONVXYZ is denoted by the dashed box, and all the assets in this dashed box are located in the company premise in the UK.

2151_Network architecture.jpg

 

In Figure 1 the internal network of CONVXYZ is denoted by the dashed box.

• The company has a website (by the web server) where the customers can browse the properties and contact the estate agents. After registering to their conveyancing service, the customers get an account (username and password) to the website with which they can login and keep track of their property selling/buying transaction e.g., download documents for signing, upload their documents.
• The authentication server is responsible for authenticating the credentials (usernames and passwords) of both the customers and staff (lawyers and estate agents). When performing an authentication task, the authentication server communicates with the customer and staff database which stores information about the customers and staff. After a successful authentication, the customers and staff will be able to access to their property selling/buying documentations and current transaction/status.
• Company employees, such as lawyers and estate agents can use their computers to login the company website or browsing the internet.
• Before property exchange between the vendor and buyer, the buyer is requested to transfer the money to the bank account of CONVXYZ.

The bank account details is sent to the customer via email or by post.
• The mail server enables staff to send and receive emails from the customers and other member of staff.
• Individual visitors/customers can browse the website of CONVXYZ and register/login with their PCs via Internet.
• Lawyers are allowed to work remotely via a VPN (Virtual Private Network) tunnel.
• The PCs and servers are connected to 2 network switches and a router.
• The internal network is protected by a firewall.

Assessment Brief

In this assignment you have to:
• Conduct a risk assessment on the network in Figure 1, based on the ISO 27005 standard.
• Write a detailed risk assessment report

Flexibility of the Software/Hardware/Firmware Parameters
As you can see, there are no specific hardware and software details given in Figure 1. To avoid working in the entirely same network (and hence copying from each other), before doing the risk assessment, you have to specify the system parameters and the system boundaries, including the used operating systems, hardware, software/applications and firmware. Ideally, each of you will work with different sets of system parameters/scope that you chose or specified.

REPORT STRUCTURE

To meet the requirements your report must have a professional look. In order to help you in this regard the following structure is provided as a guideline. The report must contain the following main sections, however, you are allowed to add subsections as you find reasonable.

Introduction
Here you will specify the risk assessment method that you use, discuss the advantages of this risk assessment method. Finally, highlight the certain tasks that you will perform during the risk assessment on the given system.

Risk Assessment
• This section contains the main part (result) of the report, namely, the whole risk assessment process made on the system in Figure 1, besides your chosen system parameters. The section can include several sub-sections:
• Owner specification,
• Assets (primary and secondary). You should explain briefly why the assets are primary or secondary. You can give a collective explanation for a group of assets instead of explaining for each asset.
• One threat for each asset.
• One vulnerability for each asset. The vulnerabilities have to be taken from one of the online vulnerability databases (e.g. NVD), and have to be given with the official CVE- number.
• Likelihood level computation, using Boston gird
• Impact table specification
• Risk identification with the risk level, using risk matrix (Boston grid).
o At most 10 risks should be given.

Attachment:- Information Security Management.rar

Reference no: EM133122530

Questions Cloud

Dmaic methodology of quality management : You will continue to build your understanding of the DMAIC methodology of quality management by applying the skills and knowledge
Views on public budgeting : Have your views on public budgeting changed in significant ways since the beginning of the course?
Calculate depreciation expense for the truck : ABC Corp. purchased a delivery truck for $110,000 on August 1, 2016. Calculate depreciation expense for the truck for 2016 and 2017
Compute marcia qbi deduction : Marcia, a single individual, has qualified trade or business income after all applicable deductions of $240,000. Compute Marcia QBI deduction
Information security management assignment : Information Security Management - Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches
How much money do you sell it : A non-interest bearing promissory note has a $2400 maturity value and it matures in 90 days. How much money do you sell it
The ripple effect of supermarket wars : Describe how Aldi is creating competitive rivalry in the retail grocers' industry. As explained in this chapter's Opening Case, Amazon purchased Whole Foods.
How each culture influences values in workplace : Portray how each culture influences values in the workplace. Discuss ethical norms in both cultures and how they differ.
Calculate the correct balance of cash at the end of march : Question - Brangelina Adoption Agency's general ledger shows a cash balance of $4,593. Calculate the correct balance of cash at the end of March

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd