fbpx

Get Cheapest Assignment in Australia, UK, US, UAE, Canada and NZ Order Now

CIS097 Principles of Information Security

0 Comments

Assignment 1 – 2021 – HealthyHerts InfoSec report

Submission DeadlineMarks and Feedback
Before 10am on: 26/11/202020 working days after deadline (L4, 5 and 7)
15 working days after deadline (L6)
10 working days after deadline (block delivery)
  Click or tap to enter a date. 
Unit title & codePrinciples of Information Security – CIS097-1
Assignment number and titleAssignment 1 – 2021 – HealthyHerts InfoSec report
Assessment typeWR-GR – Group Report
Weighting of assessment70%
Unit learning outcomesProvide an understanding of knowledge and awareness of information and systems security processes, frameworks, tools and techniques used in different organisational contexts.Identify, select and apply solutions related to information security management, strategies, and technologies to respond to multi-faced attacks, and mitigate against constantly evolving threat landscapes.
What am I required to do in this assignment?
In order to pass Assessment 1, you will need to: Apply your knowledge of information security to a given real-world problem Evaluate the concept of the defence-in-depth approach to cyber-defence Outline the threat vector given an information security scenario Outline the steps needed to secure a computer system and/or give recommendations for cyber-defence Justify the choices and selections of information security tools and techniques included in your solution to a given scenario   This is a case study of a network and information security consultation conducted on behalf of HealthyHerts who are a community Health Centre in Hertfordshire which provides a number of services and support including the following: family planning and sexual health, alcohol and drug programs, maternity and child health services, mental health services, aged care, gambling and addiction rehabilitation, self-help, health promotion and exercise, community outreach etc.   During the covid lockdown many of their services, as best they could, went online. Typically, there was a minimum number of staff allowed on-site each day (it was limited to those providing physical treatments and only one receptionist) the rest of the staff worked from home. Administration staff worked remotely – they did not always have access to a work laptop and otherwise used their own systems and networks.   Consultants, health workers and nursing staff etc. usually gave support over email, video-conferencing and forum based digital resources. When they could, staff accessed appointments and client records over a virtual private network from home. Clients could also make use of the HealthyHerts websites (a bit like NHS and 111 online) to provide access to lookup issues, find health advice and to make appointments and book onto online courses and consultations.    Since lockdown, HealthyHerts are still keen to keep many of the online practises where they can – as many seem to have reached more community members. Also, until the covid crisis is completely over, there is a need for hybrid solutions.   You are to provide a report detailing the information and cybersecurity concerns that may be faced by the company and to make recommendations for improvements to their remote working, network and computer systems to mitigate the likelihood of damage from those threats. Your report needs to highlight the principles of cyber and information security. Scenario and Environment Description You are part of a digital information security team called InfoSafe who often act as consultant advisors to UK businesses to assess and help improve their data security. One of your current clients is a small enterprise called HealthyHerts, who are a community Health Centre. HealthyHerts have a commercial building, just outside of Stevenage, which houses the main e-commerce servers and a small LAN for the 25 or so employees. There are 4 main administration and reception staff, one personnel and HR person, 5 community midwives, 10 general health practitioners, 2 technical staff (who look after the IT systems and infrastructure as well as update the website and do incident response and data security), 1 building manager, 1 manager and a CEO who reports to the local trust and health services. HealthyHerts have hired InfoSafe to help in reviewing their network and information security. In the previous year they found that the number of cyber-attacks against the company increased. They were the targets of several social engineering and phishing attacks, one mandate fraud attempt, one ransomware attack (on an older Windows 7 system) and  – they think –  a few hacking attempts. HealthyHerts do not believe (but cannot verify) that any data was accessed in these hacking attempts. As part of your assessment, your team is asked to provide a ‘Cybersecurity threat-vector evaluation’ which will critically evaluate the current areas of weakness within the company, that a cyber-criminal may take advantage of, and suggest solutions (People, Processes and Products) to improve information security.   Current HealthyHerts – Products, People and Processes HealthyHerts is an established community health provider, but despite initial investment and success, declining profits have led to redundancies throughout the company and a reduction in the investment of network and information security equipment and training. As is with many such businesses, they have older infrastructure, limited budget and staff shortages. Recently HealthyHerts have been forced into moving many of their services to remote and online delivery, but this appears to have worked to their advantage. They would like you to assess the long-term security implications of continuing online services and a remote workforce and see what risks it may present and whether it is viable. HealthyHerts has the following current systems and processes: A local-area network for the employees which provides provision for administration and appointments, consultations, website design, personnel and HR; this is configured on one network that is not segmented (or sub-netted into separate VLANs).There is a company firewall configured with several access-control lists to limit malicious traffic.There is only one gateway router with minimal security. It requires a username and password for console access and allows telnet access for remote configuration and management. Host machines have a windows 7 or windows 10 installation, using windows defender and host firewall. They have some user and local security policy restrictions, such as users cannot install programs (though they can download), password complexity is turned on, but nothing further is enforced. The technicians monitor and update the host applications and OS’s regularly but not systematically. There are no separate groups of users configured, staff shared files (such as the customer orders) are available on one shared drive. The company makes limited use of a directory service, such as Active directory, for authentication to the network. Authorisation and privileges are broadly all the same for all members of staff. There are a couple of administration accounts whose credentials are only know by the IT technicians. When staff leave their accounts are disabled at the end of the month by the IT staff.Customer payments (when needed for paid consultations and services) are processed via Paypal or third-party payment vendors such as Visa, but HealthyHerts stores all details (except for credit card/payment details) of the orders and what services the clients use.The company’s e-commerce website was built using a template. Some penetration testing by InfoSafe has revealed web application weaknesses including a vulnerability to SQL injection type attacks; allowing arbitrary SQL statements to be executed as commands on the server, granting full access to resources.In LAN design, at the HealhtyHerts office: the switches in the network are not configured for VLANs nor port-security. They do require a username and password for console access, but this password is in plain-text in the running configuration. There is little redundancy in the network.Backups are made on a weekly basis to a RAID 5 server in the server room. There is a wireless network in the office cafeteria, using WPA-PSK encryption. If staff work remotely, they enable team viewer on their machine in the office and utilise that from their machine at home (or outside) to access resources at work. Or they just use their home laptops and networks. They sometimes (but not consistently) use a VPN, they use the office outlook email (accessed over the internet) and do not always encrypt their files. Consultation staff are currently running client sessions in both zoom and Microsoft teams meetings. Personnel enter the building past the reception desk, which is manned from 8am – 5pm.  The building has a single supervisor who goes home at 8pm after locking up the building. The company internet and computer usage policies have not been updated since 2012The staff do regular training on health and safety, administration, diversity and recently on GDPR. HealthyHerts has no definitive CERT or incident response plan but relies on its IT staff for information and data security and systems availability.   Reporting Your team at InfoSafe need to prepare a detailed report (in an academically formal format) for HealthyHerts. There can be any number of people to your team (up to a maximum of six).   Each member of the team is to pick one ‘Threat-Vector’ that the company faces – either from the list below or by approval with your tutor. Each team-member must choose a different threat vector.   Common Threat Vectors   Users/PeopleMisconfigured Networks and Endpoints Remote Networks and Email Wireless devices (such as WiFi laptops, hotspots and mobiles)Web applications and emerging technologies (like the Internet of Things)Weak Authentication and Compromised Credentials   Each team-member will independently write a section of the report about their chosen threat-vector. A range of professional and academic resources (such as journals, white-papers, books and respected websites) should be researched and referenced appropriately throughout. You will upload to Breo a copy of your own section/report, together with a link to the google document (or similar) that contains the whole group collective/collaborative work.   Each report should do the following. [Everything must show evidence of research of recent, relevant journal, books and white-papers; correctly referenced in the Harvard style in both in-text citations and in a bibliography.]   Evaluate the Threat – Threat-Vector Assessment (1000 words max)– Evaluate the increasing need for cyber-security in health organisations. Outline the threat-vector given in the information security scenario, describing the types of cyber-attack that threat vector is vulnerable to and critically evaluating relevant flaws in the current system(s). Reference might be made to the principles of cybersecurity and the McCumber Cube.   Approach to Defence-in-Depth – Briefly evaluate the need for principles of least privilege and defence in depth/layered security approaches to cyber-defence for this scenario.   Methods of mitigation/risk avoidance – outline the steps needed to secure HealthyHerts from attacks on this kind of threat-vector or at least limit their impact. Give recommendations for cyber-defence, making suggestions for improvements to the information Security of HealthyHerts, targeting the three pillars of cybersecurity: people, processes and technology (products), for your chosen threat vector. Justify the choices and selections of information security tools and techniques included in your solution for the given scenario.   Your section should be no longer than 1500-2000 words (approximately 3.5 pages single-spaced in Calibri sized 11 font)   References/Bibliography must be provided It is the responsibility of each team member to ensure that citations and references are made correctly. Each section should include information taken from professional and academically suitable resources and be referenced correctly both within the body text and in the end bibliography/references section in the Harvard style. Correct referencing will account for approximately 5% of the marking in each section.   Assignment Requirements Avoid using quoted text unless it is essential. Too many quoted pieces of text will result in marks deducted as it does not show your own work.All references used must be within the past 5 years and only use earlier ones if you are referring to a standard, original work start date, start of a theory, etc. All references must come from quality sources such as journals, and conferences. Some reputable websites may be used. There should be a range of resources used including books, journals and websites.Wikis, blogs, and similar websites are not usually accepted. Such sites do not have reliable content.
Is there a size limit?
You are required to follow and meet the Assessment Specifications stated below: What to Submit (READ THESE AND FOLLOW THEM CAREFULLY) A copy of your section of the report written using Microsoft Word, the report should also contain a link to the shared group report e.g. a google doc (to prove collaboration and consolidation and teamwork). The file name should be written as: YOURINTIALSANDSTUDENTNUMBERCIS097-A1.docx. Only Microsoft Word or equivalent files will be accepted. No compressed files should be submitted.The maximum number of words per student contribution is 1500-2000 words (not including those in pictures, tables or figures). Groups will be limited to six students only. Assignments should be formatted in an Arial or Calibri 11pts font style – Single spacing should be used.Make sure that each group member should have their name and student ID clearly shown against each section they contributed to in the group report. This file should be submitted via the Assignment 1 link under the Assessment & Feedback section.No hard copy is required, and none will be accepted. Emailed copies of the submission will not be accepted. You are allowed multiple submissions prior to the deadline using the BREO link, with the last one submitted is the one to be marked.
What do I need to do to pass? (Threshold Expectations from UIF)
Apply your knowledge of information security to a given real-world problemEvaluate the concept of the defence-in-depth approach to cyber-defence Outline the threat vector given an information security scenarioOutline the steps needed to secure a computer system and/or give recommendations for cyber-defenceJustify the choices and selections of information security tools and techniques included in your solution to a given scenario
How do I produce high quality work that merits a good grade?
By addressing all the assessment requirements and threshold expectations stated above and following the comments in the Marks & Feedback section below.
How does assignment relate to what we are doing in scheduled sessions?
This assessment is a Group Project. This is designed to test students’ understanding of security threats and mitigations through the application of problem-solving skills to analyse, design and validate solutions to a real-world scenario. In this assessment, you will be able to explain fundamental concepts of information security management; and recognise the methods and techniques necessary for securing an organisation’s IT systems and networks. The assignment uses a case study where students are required to engage in an enquiry around a collaborative activity including the development of a solution for the case study requirements. This collaborative work (up to 6 students per group) will involve a written report for 70% of the unit assessments weight.

Get MOD005714 Data center assignment help !!

 

TO BE COMPLETED

How will my assignment be marked?
Your assignment be marked according to the threshold expectations and the criteria on the following page.   You can use them to evaluate your own work and estimate your grade before you submit.
 0-34%35-39%40-49%50-59%60-69%70%+
Individual Section in the Main Report 100%                       Report poorly structured and/or written with numerous grammar and spelling mistakes.   Fails to demonstrate evidence of understanding of the main issues and limited argument or analysis. No clear or logical conclusions.   Lack of academic sources and poor referencing technique.  Some attempt at articulation and structure but grammar and spelling deficiencies impair clarity and are unprofessional or non-academic in places.   Weaknesses in knowledge of theory. Main issues not appraised or identified.   Few sources and poor referencing technique. Adequate attempt at structure and format. Generally competently written, though grammar occasionally makes meaning unclear.    Demonstrates some adequate knowledge but limited evaluation or critical appraisal of main issues.  Conclusions are not always logical.   Some relevant sources, some weakness in referencing.Competently written with only minor spelling and grammar mistakes and satisfactory report structure.   Demonstrates a good level of understanding and evidence of attempted critical analysis and evaluation. Fairly clear and logical conclusions.   A range of sources mostly accurately cited both in the body text and in the bibliography.A very well written answer which is directly relevant, has the correct academic style and structure and only has minor spelling and grammar mistakes.   Demonstrates very good understanding and knowledge. There is some critical analysis and evaluation of the materials and clear conclusions.   A large range of sources are accurately cited both in the body text and in the bibliography.Very well written report with accurate spelling and grammar and good structure, presentation, format and flow.    Excellent knowledge and understanding demonstrated with critical evaluation which shows evidence of independent thinking and academically interesting conclusions and future recommendations.   A good range of modern and relevant sources used and cited accurately.
Total marks 100%[AM1] 

Get Cookery Assignments now !!

 [AM1]Make sure the total is 100% – some percentages may need to go down

Leave a Reply

Your email address will not be published. Required fields are marked *