CIS2005 Assignment 3 Instructions
Report and Presentation based on CASE STUDY: PEOPLESHARZ.COM (A fictitious analysis of a security breach)
This assignment assesses your understanding in relation to the following three course objectives:
- analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
- explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail
- demonstrate an ability to communicate effectively, both in writing and orally, about the management of information security in organisations.
Read Case Study: PEOPLESHARZ.COM (A fictitious analysis of a security breach)
Your Task
On return from your meeting, it’s time to quickly put together a proposed plan of work and a response for PeopleSharz. Given the nature of your assignment with PeopleSharz, an urgent response and work-plan is required that outlines your approach and methodologies to:
- Assessing what went wrong – how did the hacker compromise the PeopleSharz environment and steal the user information?
- How does PeopleSharz ensure it does not happen again?
At present, no other assumptions need to be made about the actual security issues/breach. This assignment is focused upon seeing if you, the student, have built up an awareness of how security in Internet Websites can be assessed and analysed to assist businesses in improving their overall security position.
By being able to outline how you would go about reviewing the security breach outlined in the PeopleSharz case study and making recommendations on improving security practices and the appropriate controls that need to be put in place to reduce the risks to an acceptable level, the markers will be able to assess your level of knowledge learned in this course and the additional research you have undertaken.
Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible.
NB: Importantly, and in addition to your own study and research, there will be two specific discussion forum threads on the assignment discussion forum where you can ask questions of the main players in the scenario:
- Mark Bukerzerg and/or Peter Tweet (PeopleSharz)
- Phil Jones (HotHost1)
Deliverables
The success of your engagement is based upon two deliverables:
- Development of an Incident Response Work-plan
- A business proposal to PeopleSharz Management in the form of a presentation that outlines how the organisation should be better focusing on Information Security.
In detail:
- Incident Response Work-plan (WORD Document):
The work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum:
- Executive Summary: half-page brief outlining purpose; scope, expectations and outcomes of the proposed plan of work. (250 words)
- Structured and ordered work plan phase description, which for each section includes:
- Background and problem analysis – What went wrong? How did the hacker compromise the PeopleSharz web site environment and steal the user information? (approx. 500 words)
- Threat analysis – What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for and the deliverables PeopleSharz and/or HotHost1 can expect for each phase of work (e.g. the “deliverable” for the phase of work could potentially be a report containing the results of a vulnerability assessment test on the PeopleSharz server(s)). (approx. 1000 words)
- Dependencies and critical success factors to the job, such as key stakeholders in this security breach – people to be interviewed or whose involvement in that phase of work is required. (Remember, you don’t always get free-rein access to systems and other information and, because time is of importance, you won’t get a long time to master the environment. But, as you know, you also cannot always believe everything you are told.)
- What is key to getting this job done efficiently and what support do you need to get this done (from PeopleSharz and also the hosting provider)? (approx. 500 words)
- Set of recommendations for improving PeopleSharz’s current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words)
- Reference list of key sources, in particular technical references, which support your approach (not counted in word count)
- Developing a Securer Environment for PeopleSharz for the Future (POWERPOINT):
Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed work plan, including a set of recommendations, and should contain the following at a minimum:
- 1 Slide for an Introduction outlining your team and the organisation you work for
- 2-3 Slides covering the Background: A brief summary of where PeopleSharz is today in regards to security practices in their organisation and controls in place for their web servers.
- 2-3 Slides covering the Threat Analysis: A summary of the major threats and associated vulnerabilities and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers to an acceptable level.
- 2 Slides covering Dependencies and critical success factors to the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done, (e.g. internal business stakeholders, developers etc.)
- 2 Slides covering your proposed Set of recommendations for improving security practices at PeopleSharz and ensuring appropriate controls are in place in relation to their web site which is core to their business
[The following is also to be included. While not part of a “standard” Industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken.]
- 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan in your proposed business report.