February 22, 2018

CO4512 | RISK ASSESSMENT ASSIGNMENT


CO4512 | RISK ASSESSMENT ASSIGNMENT | INFORMATION SECURITY MANAGEMENT


  1. Learning Outcomes

This assignment addresses the following learning outcomes from the module syllabus:

  • LO1 – Select and use applicable standards and methods for information security and risk management.
  • LO3 – Conduct and properly document risk assessment based on a given scenario.
  • LO4 – Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.

  2. Assignment Description

This assignment requires you to plan, conduct and document a risk assessment based on the scenario described in Section 3. You should carefully read the marking scheme (refer to Section 5) so that you clearly understand the expected content of the risk assessment report you have to deliver and how it will be evaluated.

The scenario is described in broad terms; therefore, you may need to make assumptions and set a scope for the risk assessment, all of which must be documented in the report. Additionally, any use of published information has to be properly referenced with an in-text citation and a corresponding item in the references list, using the Harvard style consistently.

  3. Scenario Description

A cloud service provider in the UK, CloudXYZ, hired your team to set up their IT network/system. The company provides (i) secure storage and (ii) virtual server services for both individual customers and organizations. The goal of the security system is to prevent or minimize the business loss caused by possible incidents, such as malfunction, information stealing, data modification, deletion or destruction, etc. Your colleagues in the team have proposed the first version of the security network architecture depicted in Figure 1. As the person responsible for risk assessment, your task is to conduct a risk assessment on this system.

In Figure 1 the internal network of CloudXYZ is denoted by the dashed box, and all the assets in this dashed box are located on the company premises in the UK.

The authentication server is responsible for authenticating the credentials (usually account names and passwords) of the customers. When performing authentication tasks, the authentication server may communicate with the customer database, which stores information about the customers. After successful authentication, customers can access their data stored in the cloud storage (one of the machines denoted by S) or log into their hired virtual servers (hosted by one of the servers denoted by V). Company employees, such as HR, can use their computers to download customers' information, while administrators can use their computers to maintain/improve and monitor the operation of the servers and storage.

The communications among the servers and employee computers take place within the intranet (i.e., private network) of the company. The web and mail servers are placed in the DMZ (Demilitarized Zone) of the bank network to provide a web interface to customers and visitors, as well as email services to the employees and customers. The communication between the untrusted outside world (such as the Internet) and the DMZ is filtered and protected by a firewall and/or an intrusion detection system (IDS). In addition, the communication between the DMZ and the intranet is also protected by another firewall and/or IDS. Individual visitors/customers and organizations can browse the website of CloudXYZ and register/login with their PCs or smartphones via the Internet.

  • Your task

The management board of the service provider would like to be sure that the proposed network system (in Figure 1) meets their goal, and hence hired you, a security expert, to perform a risk assessment on this network. In this assignment you have to:

  1. Conduct a risk assessment on the network in Figure 1, based on the ISO standard.
  2. Write a detailed risk assessment report (see Section 4 for the required structure).

  • Flexibility of the software/hardware/firmware parameters

As you can see, no specific hardware or software is given in Figure 1. To avoid everyone working on exactly the same network (and hence copying from each other), before doing the risk assessment you have to specify the system parameters and the system boundaries, including the operating systems, hardware, software/applications and firmware used. Ideally, each of you will work with a different set of system parameters/scope that you chose or specified.

  4. Report Structure

To meet the requirements your report must have a professional look. To help you in this regard, the following structure is provided as a guideline. The report must contain the following main sections; however, you are allowed to add subsections as you find reasonable.

Introduction

Here you will specify the risk assessment method that you use and discuss the advantages of this risk assessment method. Finally, highlight the specific tasks that you will perform during the risk assessment on the given system.

Risk Assessment

This section contains the main part (result) of the report, namely the whole risk assessment process carried out on the system in Figure 1, alongside your chosen system parameters. The section can include several sub-sections:

  • Owner specification,
  • Assets (primary and secondary). You should explain briefly why the assets are primary or secondary. You can give a collective explanation for a group of assets instead of explaining for each asset.
  • Threats for each asset (at most 3 threats).
  • Vulnerabilities for each asset (at most 2 vulnerabilities). The vulnerabilities have to be taken from one of the online vulnerability databases (e.g. NVD), and have to be given with the official CVE number.
  • Likelihood level computation, using the Boston grid.
  • Impact table specification.
  • Risk identification with the risk level, using the Boston grid.
    • At most 10 risks should be given.

Summary and Recommendations

In this section you summarize the main findings and write a non-technical recommendation (executive summary) for the management/director board, summarizing why they should invest in security and follow the ISO 27001 standards.

Word limit for the report: 2000 words (flexible), excluding the entire bibliography list.  

You should use Microsoft Word to complete this assignment. If you use a word processor other than Microsoft Word then you should check to ensure that the document layout is the same as Microsoft Word. Microsoft Word is available on the University network.

Set up your Word Document with the following:

  • Margin sizes of 2.54 centimetres
  • Font of Calibri
  • Font size of 11
  • Line spacing of 1.15

  5. Evaluation Criteria

This assignment has only one deliverable which will be marked according to students’ ability to:

  • Plan a risk assessment
  • Conduct a risk assessment
  • Documentation

Each marking criterion is refined into 4 or 5 sub-criteria that will be individually evaluated to determine the level achieved by the student. The marks will be banded to the pre-defined scales based on UCLan regulation.

  6. Submission

The risk assessment report should be submitted as a .docx to the appropriate assignment submission slot on eLearn by the due date. All references and in-text citations in the report should follow the Harvard style of referencing.

  7. Penalties for Late Submission

Except where an extension of the hand-in and/or discussion deadline dates has been approved (based on extenuating circumstances forms), lateness penalties will be applied in accordance with University policy as shown in Table 1. Late work must be submitted to eLearn in the required assignment slot.

Table 1

(Working) Days Late    Penalty
Up to 5                Maximum mark 50%
More than 5            0%

  8. Extenuating Circumstances

If you believe that there are circumstances that justify an extension of the hand-in deadline for assignment work, you are required to use the Extenuating Circumstances forms (available online based on the EC request procedure via myUCLAN.) Extensions (to a maximum of 10 working days) are granted when there are serious and exceptional factors outside your control. Everyday occurrences such as colds and hay fever do not normally qualify for extensions. Where possible, requests for extensions should be made before the hand-in date.

The school considers extenuating circumstances to be conditions that significantly impact on your work. Typically these will cover more than one module. Requests for consideration of extenuating circumstances in respect of assignment work submission should be made using the extenuating circumstances envelope.

You are advised to speak to your Course Leader/pastoral tutors prior to completing these envelopes. Whilst extenuating circumstances are being considered, you are advised to inform relevant staff members, and continue with the assignment. Extenuating circumstances should be submitted via MyUCLan.

  9. Feedback

Feedback will be given to the class within 15 working days of the assignment final submission, i.e., 15 working days counting from the due date. This may take the form of generic feedback (within 15 working days) followed by individual written feedback, or individual feedback using the feedback sheet.

Individual written feedback will be tied to the Learning Outcomes listed in this assignment brief, together with any additional helpful feedback such as areas of strength and/or areas for improvement.

  10. Plagiarism

The University operates an electronic plagiarism detection service (Turnitin) where your work will be automatically uploaded, stored and cross-referenced against other material. You should be aware that the software searches the World Wide Web, extensive databases of reference material and work submitted by members of the same class to identify duplication.

To avoid accusations of plagiarism, give an in-text citation and provide bibliographic details of any source used in the references list. Remember that you can reuse ideas from different sources but not literal text.

Plagiarism is not acceptable and you will face consequences when it is detected by Turnitin. For detailed information on the procedures relating to plagiarism, please see the current version of the University Academic Regulations.

  11. Reassessment and Revision

Reassessment in written examinations and coursework is at the discretion of the Course Assessment Board and is dealt with strictly in accordance with University policy and procedures. Revision classes for referrals will take place during ‘reassessment revision, appeals and guidance week’ as marked on the academic calendar.

The mark for the reassessed module is subject to a maximum of 50%.

MARKING SCHEME

CO4512 Assignment

Student:

To be awarded a failing grade (less than 50%) your work will not have met the required standard.

The following (non-exhaustive) list contains examples that may cause your work to fail (several of the following points together would lead to a fail).

  • Very badly structured, no paragraphs/sections/subsections, or badly structured, very few (and long) paragraphs/sections/subsections.
  • Very badly written, cannot be understood, many typos and grammatical issues.
  • No or very limited in-text citation, or not Harvard style at all.
  • Unsatisfactory Risk Assessment Plan (incorrect/missing assets, assets category, scope, legal issues)
  • Unsatisfactory Risk Assessment (incorrect/missing threats, vulnerabilities, impacts)
  • Unsatisfactory Risk Evaluation (incorrect/missing Boston grid calculations)
  • Unsatisfactory Management report and Technical Report (very badly written, incorrect use of techy terms)

To be awarded a pass mark (52, 55, 58) your work will be of a competent standard.

  • Acceptable structure, some paragraphs/sections/subsections, but still missing some sections/subsections/paragraphs
  • Acceptable sentences, may contain some typos and grammatical issues, understandable writing skill
  • Acceptable number and style of in-text citations, but several may be inappropriate.
  • Satisfactory Risk Assessment Plan (acceptable level of Plan, but may contain incorrect/missing assets or assets category or scope, or legal issues)
  • Satisfactory Risk Assessment (acceptable level of Assessment, but may contain incorrect/missing threats, or vulnerabilities, or impacts)
  • Satisfactory Risk Evaluation (acceptable level of Evaluation, but may contain incorrect/missing Boston grid calculations)
  • Satisfactory Management report and Technical Report (acceptable writing skill, but may contain some incorrect use of techy terms)

Your report structure and writing style (compact/focused) as well as the number of incorrect or inappropriate risk plan/assessment elements will be used to determine whether you receive a low (52), mid (55) or high (58) pass grade.

To be awarded a merit grade (62, 65, 68) your work will be of a very good standard.

  • Good structure, some paragraphs/sections/subsections, but still missing a small number of sections/subsections/paragraphs
  • Good sentences, may contain few typos and grammatical issues, good writing skill
  • Good number and style of in-text citations, but few of them may be inappropriate.
  • Good Risk Assessment Plan (good level of Plan, but may contain few incorrect/missing assets or assets category or scope, or legal issues)
  • Good Risk Assessment (good level of Assessment, but may contain few incorrect/missing threats, or vulnerabilities, or impacts)
  • Good Risk Evaluation (good level of Evaluation, but may contain few incorrect/missing Boston grid calculations)
  • Good Management report and Technical Report (good writing skill, but may contain few incorrect uses of techy terms)

Your report structure and writing style (professional/compact/focused) as well as the number of incorrect or inappropriate risk plan/assessment elements will be used to determine whether you receive a low (62), mid (65) or high (68) merit grade.

To be awarded a distinction grade (74, 81, 89, 96, 100) your work will be of an excellent standard.

  • Outstanding/Excellent structure, some paragraphs/sections/subsections
  • Outstanding/Excellent sentences, may contain very few/no typos and grammatical issues, very good writing skill
  • Outstanding/Excellent number and style of in-text citations, only very few or none of them are inappropriate.
  • Outstanding/Excellent Risk Assessment Plan (very good level of Plan, with only very few or no incorrect/missing assets, assets category, scope, and legal issues)
  • Outstanding/Excellent Risk Assessment (very good level of Assessment, with only very few or no incorrect/missing threats, vulnerabilities, and impacts)
  • Outstanding/Excellent Risk Evaluation (very good level of Evaluation, with only very few or no incorrect/missing Boston grid calculations)
  • Outstanding/Excellent Management report and Technical Report (very good writing skill, with only very few or no incorrect uses of techy terms)

Your research paper structure and writing style (professional/compact/focused) will be used to determine whether you receive a low (74), mid (81), high (89), very high (96) or exceptional distinction (100).
