Assessment 3: Details and instructions

Assessment 3: Details and instructions

Due date6/6/2024 - 11.59 pm (AEST/AEDT)

Weighting45%

Word count/length2500 words

The reference list is not included in the word count, but in-text citations are included.

Despite the strictest security protocols and measures, every organization has certain vulnerabilities that can be exploited by hacking attacks. Once these vulnerabilities are identified, cyber security professionals need to be well-equipped to securing them. Occasionally, however, these may not be secured in time. A security consultant also needs to be able to counter the attack with the resources available.

ThisAssignment 2requires you think about the multiple ways in which a business or an organizations security vulnerabilities can be exploited, and you will be required to defend against such attempts so as to disrupt a hacking attack and securing the organizations vulnerabilities.

Instructions

In this assignment, you will be provided with three context briefs from which you will be required to select any one business or organization for your analysis and complete the tasks below (A & B). As much as possible, focus on the details provided in the brief. Where information is not provided but integral to your analysis, make reasonable assumptions (which should be clearly stated and explained).

Vulnerability Analysis

Security Plan

1. Vulnerability Analysis

You will be required to assess organizational vulnerabilities for your chosen context and develop a defense plan to disrupt the hackers activities.

Selectthreeorganization vulnerabilities and compare them in terms of:

Level of potential exposure

Likelihood of this vulnerability being exploited.

Magnitude of potential impacts

Please note that yourthreeselected vulnerabilities should vary in all the above-mentioned characteristics.

2.Security Plan

Based on your chosen vulnerabilities,propose asecurity planthat can be implemented by your organisation to reduce exposure. Your security plan should include:

Focus on thesocial and organisation elementsof ensuring good security, and the trade-offs between security and freedom.

Suggest3 approachesthis organisation could take to enhance their cybersecurity, and for each approach discussThe resources required to implement this frameworkEvaluation of the effectiveness vs. costs of your proposed security plan

Ability of the proposed framework to cover multiple vulnerabilitiesImplications on the organisation and their core business

Trade-offs between security, privacy and freedom

How does the global environment around hacking improve or complicate your defense plan? Discuss the role of the local and global hacking community. Provide an example of one global organisation that could help you.

Context 1: School

Location & environment

Inner suburb school

On the outskirts of the city, with both residential and commercial buildings

Mid to high-density area

Technology

Password-protected Wi-Fi for students and staff

3 computer labs with 10 computers and network-connected printers

Use of personal iPads and laptop computers is allowed for studentsUse of externally hosted learning management system, which also manages grades and enrolment.

Externally hosted email for students (Gmail)

Externally hosted file sharing (Google Drive)

Staff files are secured within school firewall and cloud-synchronized on nightly basis.

All files are backed up on the school server every night.

Staff HR system runs on the school server (located on the premises)

People

1000 student, from grade 10 to 12

48 teachers, 9 maintenance staff, 12 casual staff

All permanent staff require police checks.

Students have given email address with their student ID and the school domainOther people engaged with the school include parents, community organisations, government staff and vendors.

Context 2: Cafe

Location & environment

Inner suburb cafe

On the outskirts of the city, with both residential and commercial buildings

Mid to high-density area

Technology

Password-protected Wi-Fi for staff and patrons

iPads used for taking orders, sending orders wirelessly to kitchen, and transmitting to cashier countersExternally hosted file sharing for staff (Google Drive)

Staff HR and POS systems run on the cafe server (located on the premises)

POS (Point of Sales) system with integrated:

Payment technologies

Staff rosters

Operating hours

Hourly sales reports

All files are backed up on the cafe server every nightPOS system and staff files secured within caf firewall and cloud-synchronised on a nightly basisPeople

Permanent full-time staff: 3 baristas, 5 waiters, 1 manager

2 maintenance staff who come in every evening after closing (8 pm)

All permanent staff require police checksMaintenance staff require reference checks with their previous employer(s)

Context 3: Hospital

Location & environment

Inner suburb hospital

On the outskirts of the city, with both residential and commercial buildings

Mid to high-density area

Technology

Password-protected Wi-Fi for visitors/patients

Visitors and patients can request for password from any receptionistHospital staff use different network, also password-protectedInternally hosted email for staff

Nurses and doctors are given a hospital iPad, receptionists use desktopsExternally hosted software system to manage electronic medical and health records (EMR, EHR)

Billing system

Prescriptions

Scanned documents

Medication tracking

Staff HR system runs on the hospital server (located on the premises)

Staff files are secured within hospital firewall and cloud-synchronised on nightly basisAll files are backed up on the hospital server every nightCloud files include those from 3 other hospitals in the chain, in surrounding suburbsPeople

Permanent full-time staff: 200 doctors, 500 nurses, 20 receptionists

Casual: 35 maintenance staff

Operate on roster, 5 each dayPermanent staff have thorough police & background checks with referencesStaff have given email address with their staff ID and the hospital domainOther people engaged with the hospital include community organisations, government staff and student volunteers.

Helpful resources and reference materials to help you write a Security Plan:

GOVSEC - 03 - Security planning and risk management (protectivesecurity.gov.au)https://www.ferc.gov/sites/default/files/2020-04/security-plan-example.pdfhttps://www.protectioninternational.org/wp-content/uploads/2012/04/1-7_Manual_English_3rdEd.pdfhttps://uniserveit.com/blog/10-step-cybersecurity-plan-for-your-small-businesshttps://blog.rsisecurity.com/how-to-write-an-effective-cybersecurity-plan-for-your-small-business