Information Security Concepts and Principals

Assessment brief:

Information Security Concepts and Principals

Securing a hybrid Network

Individual

Weighting: 80% Magnitude: 2500 word report

Module Learning Outcomes

Develop a deep understanding of the fundamental concepts, principles and theoretical models relevant to the role of information system security (ISS) professional

Develop critical, analytical and practical skills with respect to ISS

Develop a critical approach to evaluation of risk, threat and countermeasure in the specification, design and implementation of secure information systems.

Context

Network security aims to ensure the confidentiality, integrity and availability of interconnected systems and information. Due to the wide-ranging environments and platforms that are in use, and the lack of security awareness by many users, network security is a complex task. This has resulted in a high level of data loss or theft amongst business users, particularly in relation to information stored on Web and cloud servers. This assignment allows you to build your knowledge and understanding of the theoretical issues in cyber-Security. In particular, you will demonstrate the threats to networked computers and ways in which these threats may be mitigated by the deployment of appropriate security countermeasures. To pass the coursework you must make recommendations for a network map in a DevOps environment. This assignment builds on experience gained in lecture and lab sessions supported by your own research. This is an individual coursework.

With the interconnected nature of technology today, securing our networked systems and data against attack is a major concern for organisations. Security assessments of our data, computers, applications and networks enable us to put in place technical countermeasures to mitigate attacks against those systems.

Your report should not exceed 2500 words. Details of all your work on the assignment should be included in the report. You are encouraged to link any references in the practical elements of the assignment to relevant academic literature and industry standards. Particular care should be made to ensure that the report contains correct references to all cited work in an appropriate style, for example, the APA 7 System. You should submit your report to Turnitin and the Blackboard submission point before the assignment deadline.

The coursework involves a security assessment of the Network in Appendix A. You will need to identify and utilise various countermeasures and techniques to provide a secure network for the company and users.

You will be providing recommendations for each component of the network to secure the environment. You will write a report detailing how you secure the environment, and each recommendation Should be followed by a justification. The report should be aimed at management and director level and should be written in a professional manner.

The aim of the assignment is to provide a complete recommendation list to provide security in a DevOps environment. If there is no recommendation for any part, that is still a recommendation and should be discussed in the reportScenario:

An organisation uses a Microsoft Azure platform as a service (PaaS) hosted Web application architecture. The architecture handles routine business operations and services as well hosting sensitive information, which if lost or stolen could have damaging consequences for the organisation. The organisation anticipates the need to defend its data or services against threat or compromise by attackers or malicious actors. The architecture, as detailed in Appendix A, uses Azure PaaS components to deliver an environment that allows customers to avoid the expense and complexity of buying software licenses, of managing the underlying application infrastructure and middleware or the development tools, and other resources. The organisation manages the applications and services that they develop whilst Microsoft Azure manages the other Azure resources such as virtual machines, storage and networking, putting more of the division of responsibility for infrastructure management on to the Azure platform. Azure App Services offers auto-scaling, high availability, supports Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repository as default services. It is possible to build new Java, PHP, Node.js, Python, HTML or C# web applications or also to migrate existing cloud or on premises Web applications to Azure App Services. You are required to provide recommendations to the organisation that would secure this environment.

Task:

You are required to:

Perform extensive research on current trends, threats and solutions in cloud computing security

Provide a list of standards and frameworks for securing cloud and propose a security model

Provide a list of technologies, tools, techniques and software necessary to secure the network architecture as detailed in Appendix A.

You will then write a report detailing your recommendations and their justifications. In addition, it will also detail what you will do to secure the Web server. The report should be aimed at management and director level and should be written in a professional manner.

The coursework marking scheme is available via Blackboard. Please read it as it will help you undertake this assignment.

Appendix 1: