This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

Computer and Information System

Admin 22 Apr 2024

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

Computer and Information System

Coursework Assessment

 

1.      Introduction

 

A group of students are required to analyze the Advanced Care Company and deliver a comprehensive report on Information Security Risk Assessment. Students should consider the following points. Please read the project specification document carefully.

 

  1. Operations
  2. Datacenter
  3. Network infrastructure
  4. Normal Operations
  5. Physical Security Issues
  6. Logical Security Issues
  7. Business Process
  8. Employees

After analysis of the company, each group is required to provide a report on Information Security Risk Assessment, which should include Systems Identification and Safeguard Determination phase. Students should work on the project in their own free time.

During the discussion, team members should be present. The team members who will be responsible for communication and project progress and choosing a team leader.

Students can use different templates available on the internet to seek help in designing the project requirements. Students should list all the used references.

 

 

 

 

 

 

 

 

 

 

 

 

2.      Project Requirements

 

Below are the project requirements where each group is supposed to fulfill.

a)    Introduction to the Case

Introduce the case study, its purpose, and its outcome.

b)    The Company

Provide an overview of the company; describe the business activities, core business function, and thorough analysis of the data center diagram including at least three vulnerabilities.

c)    Risk Determination Phase

For five records, describe each of the following based on the provided Advanced Care Company scenario. (Refer to Appendices for more details):

  1. Identify an asset and its owner
  2. Identify criticality of the asset to the company
  3. Identify a threat to the assets and its Likelihood
  4. Identify a vulnerability and the Likelihood of its exploitation by the identified threat
  5. Describethe risk to the asset
  6. Evaluate the risk to the asset

d)    Safeguard Determination Phase

For the previous five records, describe each of the following:

  1. Recommend three Controls based on the 20 critical security controls. For each control, recommend two sub controls based on the NIST 800-53 framework
  2. Determine the residual likelihood of threat occurrence after implementing the recommended controls.
  3. Determine residual severity of impact after implementing the recommended controls.
  4. Determine residual risk.

 

 

 

3.      Project Specifications

The Advanced Care Company is a software company that consists of 1100 total staff, employed at the headquarters and other branches across the UK. Its business model relies on electronic transactions with critical customers and suppliers.

The Advanced Care Company uses the IBM Cloud Foundry platform to manage transactions and communications between internal and external applications. The Advanced Care Company communicates with approximately 21 internal applications and 210 trading partners. It currently processes approximately 1.1 million documents per week and estimates that it will process 1.4 million documents per week by the end of 2022.

4.      Data Center Diagram

The following figure shows the data center diagram of Advanced Care Company.

 

Figure 1: Data Center Diagram of Advanced Care Company

5.      Potential Threats and Security Concerns

The Advanced Care Company wants to make sure that it receives and processes only messages from authenticated sources. It also wants to make sure that it can receive and retrieve documents from outside its corporate network as safe as possible. The security team enforced the company central authentication standards for local traffic and excluded remote traffic.  Besides, the firewall can be accessed internally via an HTTP connection to update its configurations.

The Company also wants to make sure that their email system is not hacked or cracked because they heavily rely on email messages from clients to process their transactions. The Company also wants to protect its data regarding its employees, customers, transactions, financial, and other documents related to business.

The Company allowed its employees to save company data on the cloud. However, the security team is unable to monitor data in transit to and from cloud applications.

Also, the Web Server can be accessed from outside the company using VPN connections. Finally, the company implemented a backup process to secure all critical data of the business. However, to save cost and time, no regular testing is performed.

6.      Recent Threats Faced By the Company

The following are the recent incidents faced by the company a few months ago.

  1. An employee received a call alerting him to a breach in the company’s internal network; about 300 clients were targeted on the company network. A Cross-site scripting attack on employee machines are reported. The hacker had managed to bypass the company’s entire security controls and gain access to user information.
  2. Two senior management email accounts were hacked. The security team suspects that via social engineering or a malware the attackers obtained access to the email.
  3. The IT helpdesk team reported that two IBM Cloud Foundry servers failed to respond in the middle of the day when most of the transactions were processing. A cluster of IBM Cloud Foundry servers is running in the datacenter and suppose to take over if one of the servers fails, but it did not happen. A network team member examined the situation and figured out that the problem in the network connection did not force the redundant server to take over. However, it took him a long time to fix the issue, which resulted in many transaction failure and loss of revenue.
  4. The security team uses Windows-based machine to configure Linux-based systems which resulted in a malware to spread in the internal network of the company.
  5. An employee noticed some unknown processes active in one server. The employee immediately thought of an internal intrusion. The security team announced an incident and called for a meeting. About 20 employees attended the meeting, which resulted in significant confusion.
  6. During an internal audit, it is found that the security team used to manage different devices such as firewalls and intrusion detection systems from a Windows-based machine using a wireless connection.

 

ReportRequirements

 

  1. 1. MSWordreport with 1000wor
  2. 2. Font:TimesNewRoman,size1
  3. 3. APAreferencingwithin-textreferencesanda“references”pag

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
GET CUSTOM ESSAY
Copyright © 2019
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask