Assignment: IS Security and Risk Management
Details:
This assessment is designed to assess your technical skills in investigation IS security, risk threats and management to an organization. The assessment is also assessing your skills to evaluate risk management techniques and IS auditing. You are required to select an organization that uses information systems to perform daily business operations. You have to identify the most valuable assets for the organisations and investigate the security threats and mitigation techniques. You have also to propose/evaluate the risk management techniques adopted by the selected organization to ensure the reliability, confidentiality, availability, and integrity. You have also to discuss audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.
Task Specifications
This assessment includes two tasks as follows:
Task-1:
Each student should select an organisation. The organization must provide information systems services to the staff and customers. You have to write a report to answer the followings related to the selected organization:
1. Network devices are highly vulnerable and can be exposed. Discuss two types of threats against network routers/switches of the selected organization. Illustrate how these devices are vulnerable to destruction and abuse.
2. Propose with justification two types of network security devices can be used to control security and mitigate threats related to the web and email servers.
3. Assume the organization used Windows server 2016 to host the organization web site. Discuss how the organization can ensure the availability of the web service using windows server 2016.
4. Discuss the impact of employee on information security of the selected organization. Provide risk management recommendation to reduce the risk of employee.
5. Windows server 2016 supported with different tools for auditing. Illustrate windows server 2016 auditing tools and discuss how they can be used by the selected organization to monitor and analyzing the web server and email server problems.
You may need to make some assumptions with the required justifications.
Task-2:
Use the online encryption tool to encrypt your student ID and name using Data Encryption Standard (DEC) according to the following table:
Table 1: Encryption student details using DEC
|
Item
|
Settings/Result
|
|
Key
|
SBM4304
|
|
Algorithm
|
Data Encryption Standard
|
|
Mode
|
CBC
|
|
Encode the output using
|
Base64
|
|
Text to encrypt
|
{Student ID:Student name}
|
|
Encrypted with dec (Result)
|
{Encrypted text}
|
You have to replace:
• {Student ID:Student name} with your student ID and your name
• {Encrypted text} with the encrypted text In your report, you have to provide:
1. Table-1 with completed fields with a support of screenshot of encryption website.
2. Screenshot demonstrate the verification of your work by decrypting the cipher obtain in Table-1
Note you have to use Harvard reference style and the report should be submitted as a Word file.
In completing this assessment successfully, you will be able to investigate IS security, risk threats and propose the suitable security controls, which will help in achieving ULO-1, ULO-2, ULO-3, ULO-4 , ULO- 5, ULO-6 and ULO-7, this in turn will help you in achieving CLO-1, CLO-2, CLO-3, CLO0-4 and CLO-9, which collectively with other unit learning outcomes will help in achieving GA-52, GA-10, GA-11 and GA-12.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.