Learning Outcomes:
A. Understand information systems threats, vulnerabilities and risks.
B. Understand the management of creating/maintaining a security policy.
C. Appraise methods of deployment of security controls/methods/technologies.
D. Determine courses of action to solve problems in real-world security scenarios.
Coursework Submission Requirements
- An electronic copy of your work for this coursework should be fully uploaded by midnight (local time) on the Deadline Date.
- The last version you upload will be the one that is marked.
- For this coursework you must submit a single Acrobat PDF document. In general, any text in the document must not be an image (i.e. must not be scanned) and would normally be generated from other documents (e.g. MS Office using "Save As .. PDF").
- There are limits on the file size. The current limits are displayed on the coursework submission page on the Intranet
- Make sure that any files you upload are virus-free and not protected by a password or corrupted otherwise they will be treated as null submissions.
- Comments on your work will be available from the Coursework page on the Intranet. The grade will be made available in the portal.
- You must NOT submit a paper copy of this coursework.
- All coursework must be submitted as above
Scenario:
Clothesline is a bricks and mortar company which specialises in formal wear for women. It was established 15 years ago and is a small family run business with a good established client base. Clothesline management have been thinking of expanding and have invested on an ecommerce platform. They have created a web presence and are hoping to cater to potential new customers through this online platform. The initial few months have been hard as they are competing with the top companies, which have been established online over many years. Lately the response to the marketing has resulted in quite a few new potential clients showing enormous interest from various geographical locations. The company website is responsible for marketing as well as order processing. The first few week have been successful and the system has been accommodating the current orders well. The company is anticipating more orders coming through in the coming months and have concerns over the scalability as well as security threats. They have limited resources as they are a small business and recently have been worried by stealth viruses as well as Spam. The online presence makes them more susceptible to attacks and would like to call upon your consultancy services to analyse the risk they may face and hope to control them.
They would like to protect their customer information as well as be able to safely communicate with them. This is an issue for them as they haven't had any previous experience of doing that. They have a small team of employees, approximately 15 and most of them have multiple roles to play. They do not have a specialised in-house technical team either. There are very unclear about separation of duties nor policy and this is proving difficult for them. The management are hoping for your organisation to provide clear recommendations for their organisation. They would also like to be ethical in their policies and need your insight.
- Deliverables
Structure the report as follows:
Title
Table of content
Management Summary (Abstract)
Introduction
- Identify the vulnerabilities faced by the organisation, based upon your assumptions.Please state your assumptions clearly.
- What kinds of threats should it anticipate? This should be based on current research of the security trends in the news about SME's.
Risk Management
- Identify the assets with the help of weighted factor analysis technique
- Create a risk register with risks prioritised.
Risk Control Measures
- What controls can you suggest that this company should adopt to reduce their risk involved? Please draw from the risk identification section as well as any relevant research that relates to it.
Conclusion
References have to be done in Harvard style.