SBM4304 IS Security and Risk Management
Unit Code and Title: SBM4304 IS Security and Risk Management
Assessment Overview
|Assessment 1: Quiz||10%||Week 3||30 mins||ULO-1|
|Assessment 2: Case Study||20%||Week 4||2000 words||ULO-3 ULO-5 ULO-6|
|Assessment 3: Applied project||20%||Week 7||2000 words||ULO-1 ULO-2 ULO-3 ULO-4 ULO-5 ULO-6 ULO-7|
|Assessment 4: Laboratory Participation and Submission||10%||Week 2, 3, 4, 5, 6, 7||N/A||ULO-1 ULO-2 ULO-3 ULO-4 ULO-5 ULO-6 ULO-7|
|Assessment 5: Examination||40%||Week 8||2 hours||ULO-1 ULO-2 ULO-3 ULO-4 ULO-5 ULO-6 ULO-7|
Assessment 1: Quiz
This quiz will assess your knowledge of key content areas (Week 1 and 2 contents) and identify further support needs. For successful completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and reading materials) and engage in the unit’s activities and in the discussion forums. The prescribed textbook is the main reference along with the recommended reading material. By completing this assessment successfully, you will be able to identify key aspects of scope management as per best project management practices. This will help in achieving ULO-1, which in turn will help you in achieving CLO-1, which collectively with other unit learning outcomes will help in achieving GA2.
Assessment 2: Case study
|Due date:||Week 4|
|Word count / Time provided:||2000|
|Unit Learning Outcomes:||ULO-3, ULO-5, ULO-6|
The risk to organizations from a network attack has increased exponentially. Threats can occur at any point on the internet where there is a potential weakness that hackers can exploit using different types of malware. As the number of devices grows, the potential for attack and disruption increases.
Assume you are working as an IT security consultant at the IT department of ITech company. The company uses data centres to store very important customer data. As an IT consultant, you have to advise the staff about ransomware attacks, their types and threats. In this context, write a report including the following sections:
- An introduction to ransomware attacks and their impact on society.
- Discussion of any three recent variants of ransomware attacks.
- The working mechanism of ransomware.
- Potential threats posed by ransomware.
- References in Harvard style.
Assessment 3: Applied Project
This assessment is designed to assess your technical skills in investigating IS security, risk threats and management for an organization. The assessment also assesses your skills in evaluating risk management techniques and IS auditing. You are required to select an organization that uses information systems to perform daily business operations. You have to identify the most valuable assets of the organisation and investigate the security threats and mitigation techniques. You also have to propose/evaluate the risk management techniques adopted by the selected organization to ensure reliability, confidentiality, availability, and integrity. You also have to discuss the audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.
|Due date:||Week 7|
|Word count / Time provided:||2000 words|
|Unit Learning Outcomes:||ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7|
|Course Learning Outcomes:||CLO-1, CLO-2, CLO-3, CLO-4, CLO-9|
This assessment includes two tasks as follows:
Task-1:
Each student should select an organisation. The organization must provide information systems services to its staff and customers. You have to write a report that answers the following questions related to the selected organization:
- Network devices are highly vulnerable and can be exposed. Discuss two types of threats against network routers/switches of the selected organization. Illustrate how these devices are vulnerable to destruction and abuse.
- Propose, with justification, two types of network security devices that can be used to control security and mitigate threats related to the web and email servers.
- Assume the organization uses Windows Server 2016 to host the organization's web site. Discuss how the organization can ensure the availability of the web service using Windows Server 2016.
- Discuss the impact of employees on the information security of the selected organization. Provide risk management recommendations to reduce the risk posed by employees.
- Windows Server 2016 is supported by different tools for auditing. Illustrate the Windows Server 2016 auditing tools and discuss how they can be used by the selected organization to monitor and analyze web server and email server problems.
You may need to make some assumptions with the required justifications. Please note that you have to use the Harvard reference style.
Task-2:
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Use the Steghide tool available in Kali Linux to hide a text file that includes the group students' names and IDs in the APIC logo image. In your report, you have to provide screenshots demonstrating the steps you followed during the installation of Steghide, the way you hid the group information text file in the APIC logo image, and finally the steps to extract the text file from the image to verify your work.
You have to submit two files: the report in Word format for Task-1 and the APIC logo image that includes your group information for Task-2. The two files must be submitted separately, not in a single compressed file.
Assessment 4: Laboratory Participation and Submission
Practical exercises assess students’ ability to apply theoretical learning to practical, real-world situations on a weekly basis. This assessment will improve students’ ability to practice information security using the Kali Linux platform, such as phishing attacks, encryption, steganography and other functions.
|Due date:||Week 2, 3, 4, 5, 6, 7|
|Word count / Time provided:||N/A|
|Unit Learning Outcomes:||ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6|
|Course Learning Outcomes:||CLO-1, CLO-2, CLO-3, CLO-4, CLO-5, CLO-7|