CIS 2103 – Principles of Information Assurance, Security & Privacy

  1. Scenario

 

Part 1: Risk Control and Cost Benefit Analysis (CLO2):

You are the new information security consulting company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued by the security incidents listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions.

 

  • Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce new software that will be a major upgrade to the previous model. It should regain the company’s market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half.

 

  • Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually.

 

  • Incident #3: Last year’s wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of sufficient magnitude to severely disrupt operations for several months happens about once every 10 years.

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study. Providing answers to the below questions should help you with your analysis and must be viewed as guidance for your full answer. Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

  • With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents?
  • With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution?
  • With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?

 

Part 2: Threat Assessment and Countermeasures (CLO1,3):

Management of the XYZ Group attended a seminar and came back with a list of threat agents who could possibly harm the network. These are:

  • The inept user
  • The malicious hacker
  • The corporate spy

Management is wondering if any of these might have played a role in the previous information leakage incident that has so far cost the company $500,000 in lost sales annually.

 

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study. Providing answers to the below questions should help you with your analysis and must be viewed as guidance for your full answer. Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

  • Which of the three threat agents might have played a role in the information leakage incident?
  • What possible threat agent actions occurred during the information leakage incident?
  • How do you think the product plans were stolen? What do you think were the possible avenues of attack?
  • What recommendations would you make to mitigate this risk for the upcoming product?

Part 3: Contingency Planning (CLO2)

Your recent threat modeling activity at XYZ Group really opened management’s eyes to the need for risk management. Now the company is concerned that a major incident could severely disrupt the company, or even put it out of business. The senior management team flew to an executive retreat last week where they were introduced to the idea of business continuity planning. They have just returned from the retreat, and have asked you to help them to better understand the BCP process.

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study. Providing answers to the below questions should help you with your analysis and must be viewed as guidance for your full answer. Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

  • What business continuity disasters does the XYZ Group face?
  • What are some of the critical business processes that XYZ needs to sustain during a disaster?
  • Which processes do you think XYZ should recover first?
  • After developing the BCP, what do you think will be the most critical exercise to perform to ensure that the BCP will save the company during a disaster?
  • How can you ensure that the BCP will be executed properly during the disaster?

 

Part 4: Security Outsourcing (CLO5)

The company is about to launch a new online product. Realizing that it will soon have to support customers in all time zones, management is considering outsourcing its help desk to provide round-the-clock customer care. Three competing vendors, two of which are offshore, are being considered for the contract. Each vendor is being championed by a different manager. You have been tasked with assisting the vetting process of the prospective vendors.

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study. Providing answers to the below questions should help you with your analysis and must be viewed as guidance for your full answer. Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

  • What would you consider to be the most important factors when evaluating the three competing vendors? Why?
  • Would you handle your evaluation of the offshore vendors differently from the local vendor? If so, what would you focus on the most and why?

 

Part 5: Personnel and Security Policies (CLO4,5):

Response to the company’s new online product has been overwhelming. In order to keep up with demand, the company must expand quickly. Management is using this opportunity to implement a more formal organizational structure at corporate headquarters. New roles are being created in all departments. Some employees will be promoted into new positions, and some who have not performed will be reassigned, demoted, or terminated. Many new people will be hired to fill sales, marketing, customer service, accounting, and management positions. Some staffers who used to enjoy broad privileges (particularly IT personnel) will find their new duties more focused and restrictive. The company is planning to hire contractors and temporary employees to help with the work until more permanent employees are hired.

 

You have been tasked with assisting management in applying personnel security best practices during the expansion process.

 

 

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study. Providing answers to the below questions should help you with your analysis and must be viewed as guidance for your full answer. Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

  • As the company prepares to rapidly expand, which personnel security practice do you think should be implemented first and why?
  • Of all the employee roles mentioned, which ones do you think require the most job position sensitivity profiling and why?
  • How would you mitigate risk when reassigning, demoting, or terminating under-performing staff?

 

Part 6: Education, Training and Awareness (CLO3,4):

After the organization’s restructuring, management is concerned that new employees, and even existing employees in new roles, don’t have the security knowledge they need to keep the organization safe. Up until now, there hasn’t been any formal process for getting people trained on the company’s security policies, standards, and guidelines. Rather than continue to take a passive approach to people-based security, you’ve been tasked with planning a training program for all employees to go through.

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study. Providing answers to the below questions should help you with your analysis and must be viewed as guidance for your full answer. Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

  • What security issues need to be addressed in this training program?
  • What are the objectives and expected outcomes for the training?
  • What are the key points that your training should include for general staff?
  • Other than general staff, how would you customize the training program for different job roles/levels (e.g., board of directors, management, IT staff, security personnel, etc.)?

 

 

  1. Project Tasks and Deliverables
  2. Group Report

This is a group effort and is worth 50% of the project grade.

 

Prepare a professional report which should address “at least” all the questions associated with each of the Parts (1-6) of the given scenario. Refer to the marking rubric for detail of the expectations.

 

Note: You need to provide full detail of your analysis of the whole case study. Providing answers to the guidance questions associated with each part should help you with your analysis and is the “minimum requirement”. It must be viewed as guidance for your full answer.

 

Refer to the detailed Rubric at the end of this document for full detail of the requirements for each grade category.

 

  1. Individual Reflection and Presentation

This is an individual effort and is worth 50% of the project grade.

 

Students are required to present their project and be ready to defend it. Each group member is expected to demonstrate knowledge of all the sections of the report.

The following are some points you need to take into consideration while working on the second part of this project:

First: The Final Presentation

  • The presentation will start with a general discussion about what you did while working on your group project.
  • A PowerPoint presentation or any other presentation tool can be used to prepare the slides.
  • The presentation slides should include a reference to each one of the required tasks.

 

Second: The Question & Answer Session (Oral Defense)

  • The presentation will be followed by a question/answer session in which each one of the team members will be asked to answer some questions related to what they did in the project.
  • The question/answer session is an individual mark. The way students answer questions will be evaluated individually.

 

Project Evaluation

1 – Group Report – Rubric for Marking the Report

| Criteria | Absent | Insufficient (1-59%) (F) | Emerging (60-69%) (D/D+/C-) | Satisfactory (70-76%) (C/C+) | Competent (77-86%) (B-/B/B+) | Mastering (87-100%) (A-/A) |
|---|---|---|---|---|---|---|
| CLO1 Deliverable: Discuss the need to secure information as an organizational asset [10 %]: Part 2 (Partial [10 Marks]) | Content is nonexistent. | Content submitted but does not answer the question. | Possible threat agents are identified and are somewhat justified. Mitigations are identified and are somewhat justified. | Possible threat agents are identified and are justified to reasonable detail. Mitigations are identified and are justified to reasonable detail. | Possible threat agents are identified and are justified to full detail. Consideration of the scenario is reasonably correlated. Mitigations are identified and are justified to full detail. Consideration of the scenario is reasonably correlated. | Possible threat agents are identified and are justified to full detail. Consideration of the whole scenario is fully correlated. Mitigations are identified and are justified to full detail. Consideration of the whole scenario is fully correlated. |
| CLO2 Deliverable: Discuss the role of security risk management and contingency planning in safeguarding information assets [40 %]: Part 1 [20 Marks] and Part 3 [20 Marks] | Content is nonexistent. | Content submitted but does not answer the question. | Incidents Risk and CBA calculations are correct and explained to a reasonable extent. Consideration of effective contingency planning is correct and reasonably justified. | Incidents Risk and CBA calculations are correct and explained to a full extent. Consideration of effective contingency planning is correct and fully justified. | Incidents Risk and CBA calculations are correct and explained to a full extent. Consideration of the whole scenario is reasonably correlated. Consideration of effective contingency planning is correct and fully justified in relation to associated risks of Part 1. | Incidents Risk and CBA calculations are correct and explained to a full extent. Consideration of the whole scenario is fully correlated. Consideration of effective contingency planning is correct and fully justified in relation to associated risks of Part 1 and the whole scenario. |
| CLO3 Deliverable: Examine different types of security threats and corresponding countermeasures [10 %]: Part 2 (Partial [5 Marks]) and Part 6 (Partial [5 Marks]) | Content is nonexistent. | Content submitted but does not answer the question. | General threat categories and possible mitigations are identified and are somewhat justified. General countermeasures are identified and are somewhat justified. | Specific threat categories and possible mitigations are identified and are somewhat justified. Specific countermeasures are identified and are somewhat justified. | Detailed specification of threat categories and possible mitigations are identified and are somewhat justified. Detailed specification of countermeasures is identified and is somewhat justified. | Whole scenario detailed specification of threat categories and possible mitigations are identified and are somewhat justified. Whole scenario detailed specification of countermeasures is identified and is somewhat justified. |
| CLO4 Deliverable: Describe the legal and public relations implications of security and privacy issues [20 %]: Part 5 (Partial [10 Marks]) and Part 6 (Partial [10 Marks]) | Content is nonexistent. | Content submitted but does not answer the question. | Details related to personnel security measures and implication on operation are provided. | Details related to personnel security measures and implication on operation are provided and fully justified. | Details related to personnel security measures and implication on operation are provided and fully justified with enough and accurate detail. | Details related to personnel security measures and implication on operation are provided and fully justified with enough and accurate detail and fully correlated with the whole scenario. |
| CLO5 Deliverable: Apply major techniques, approaches and tools to discover system vulnerabilities and protect information assets [20 %]: Part 4 (Partial [15 Marks]) and Part 5 (Partial [5 Marks]) | Content is nonexistent. | Content submitted but does not answer the question. | Measures related to security outsourcing have been researched and stated. | Measures related to security outsourcing have been researched and explained in relation to the given scenario. | Measures related to security outsourcing have been researched and explained in relation to the given scenario with clear emphasis on the importance of the vetting process. | Measures related to security outsourcing have been researched and explained in relation to the given scenario with clear emphasis on the importance of the vetting process and full consideration of the whole given scenario. |

 

 

2 –  Rubric for Marking Oral Defense

 

| Criteria | Absent | Insufficient (1-59%) (F) | Emerging (60-69%) (D/D+/C-) | Satisfactory (70-76%) (C/C+) | Competent (77-86%) (B-/B/B+) | Mastering (87-100%) (A-/A) |
|---|---|---|---|---|---|---|
| Follow-up Questions and Discussion | Unable to demonstrate any knowledge of the topic. | Responds inaccurately and inappropriately to questions. | Demonstrates some knowledge of the topic by responding to some questions and making mistakes in answering other questions. | Demonstrates good knowledge of the topic by responding accurately and appropriately to almost all questions. | Demonstrates excellent knowledge of the topic by responding with accurate detail to almost all questions. | Demonstrates extensive knowledge of the topic by responding confidently, precisely and appropriately to questions. |

 
