title | subtitle |
---|---|
Introduction to Cyber Security |
Coursework |
Overview
Assessment Brief
The assessment requires students to individually produce a security assessment of an organisation. The output will be in the form of a report of approximately 1500 words.
The submission deadline is 16/4/2020
Learning Outcomes
- Identify a range of cyber security threats faced by individuals and organisations.
- Evaluate prevention, identification and mitigation methods appropriate to a variety of security scenarios
- Demonstrate an understanding of the legal and ethical issues surrounding cyber security
Coursework
Scenario
The Cirrus Cybernetic Corporation is an organisation that develops next generation robotics.
The organisation has several hundred employees, and includes departments for:
- Management
- HR
- Accounting
- Maintenance
The organisation has a Website, showing company information, and providing "Chat" and Forums for Customers to ask questions.
There is also a staff Portal accessible VIA the web interface. The staff portal allows authenticated staff members to search and display customer account information. Access to the staff area is through a single sign on system (IE the staff member has the same Username and password for their Desktop PC and the Intranet)
Recently there was a web security incident, where an attacker was able to access the organisation database. The initial analysis of the attack suggests that it was launched from somewhere inside the company network.
Tasks
You have been asked to develop a report on the security of the organisation above. All of the information you require about the organisation is given in the "Scenario" section, although you are expected to do some research on cyber security issues that might relate to the organisation.
This report should be written at a high level, suitable for a non-technical management audience. Your report should focus on two selected aspects of your choice, one each of:
- A Technical aspect to security (such as how do we secure data, recommendations for security software)
- A Human Aspect to security (what issues do the staff face, how can we protect against them)
Foe each aspect, select ONE factor (for example, Phishing, or a specific Web vulnerability) that is a threat to the organisation, and give details of:
- What the Threat is
- How the threat occurs
- Examples of the Threat in the Real world
- Suggestions to mitigate the threat.
Marking Scheme
Report Contents (90%)
-
Introduction (10%)
Should introduce the subject, and provide context to the issues discussed in the report
-
Background Research (10%)
Introduction to Cyber Security, what are the key threats, and how are they relevant to the organisation
-
Technical Threat (30%)
Should include details of:
- What the Threat is
- How the threat occurs
- Examples of the Threat in the Real world
- Suggestions to mitigate the threat.
-
Human Factors Threat (30%)
- What the Threat is
- How the threat occurs
- Examples of the Threat in the Real world
- Suggestions to mitigate the threat.
-
Conclusions (10%)
Report Structure (10%)
- Appropriate structure, use of diagrams and referencing
Grade | Element |
---|---|
0-39 | Work mainly incomplete and /or weaknesses in most areas |
40-49 | Most elements completed; weaknesses outweigh strengths |
50-59 | Most elements are strong, minor weaknesses |
60-69 | Strengths in all elements |
70+ | work exceeds the standard expected |
80+ | All work substantially exceeds the standard expected |