Recent Question/Assignment

Assignment 2: Defensive Audit (1500 words 30%)
Despite the strictest security protocols and measures, every organisation has certain vulnerabilities that can be exploited by hacking attacks. Once these vulnerabilities are identified, cyber security professionals need to be well-equipped to securing them. Occasionally, however, these may not be secured in time. A security consultant also needs to be able to counter the attack with the resources available.
This Assignment 2 requires you think about the multiple ways in which a business or an organisation’s security vulnerabilities can be exploited and you will be required to defend against such attempts so as to disrupt a hacking attack and securing the organisation’s vulnerabilities.
Instructions
In this assignment, you will be provided with three context briefs from which you will be required to select any one business or organisation for your analysis and complete the tasks below (A & B). As much as possible, focus on the details provided in the brief. Where information is not provided but integral to your analysis, make reasonable assumptions (which should be clearly stated and explained).
1. Vulnerability Analysis (25%)
2. Security Plan (75%)
1. Vulnerability Analysis
You will be required to assess organisational vulnerabilities for your chosen context, and develop a defence plan to disrupt the hacker’s activities.
Select three organisation vulnerabilities and compare them in terms of:
1. Level of potential exposure
2. Likelihood of this vulnerability being exploited
3. Magnitude of potential impacts
Please note that your three selected vulnerabilities should vary in all the above mentioned characteristics.
2. Security Plan
Based on your chosen vulnerabilities, propose a security plan that can be implemented by your organisation to reduce exposure. Your security plan should include:
1. Focus on the social and organisation elements of ensuring good security, and the trade-offs between security and freedom.
2. Suggest 3 approaches this organisation could take to enhance their cybersecurity, and for each approach discuss
o The resources required to implement this framework
o Evaluation of the effectiveness vs. costs of your proposed security plan
o Ability of the proposed framework to cover multiple vulnerabilities
o Implications on the organisation and their core business
o Trade-offs between security, privacy and freedom
3. How does the global environment around hacking improve or complicate your defense plan? Discuss the role of the local and global hacking community. Provide an example of one global organisation that could help you.
Context 1: School
Location & environment
• Inner suburb school
• On the outskirts of the city, with both residential and commercial buildings
• Mid to high-density area
Technology
• Password-protected Wi-Fi for students and staff
• 3 computer labs with 10 computers and network-connected printers
• Use of personal iPads and laptop computers is allowed for students
• Use of externally hosted learning management system, which also manages grades and enrolment
• Externally hosted email for students (Gmail)
• Externally hosted file sharing (Google Drive)
• Staff files are secured within school firewall and cloud-synchronised on nightly basis
• All files are backed up on the school server every night
• Staff HR system runs on the school server (located on the premises)
People
• 1000 student, from grade 10 to 12
• 48 teachers, 9 maintenance staff, 12 casual staff
• All permanent staff require police checks
• Students have given email address with their student ID and the school domain
• Other people engaged with the school include parents, community organisations, government staff and vendors
Context 2: Cafe
Location & environment
• Inner suburb cafe
• On the outskirts of the city, with both residential and commercial buildings
• Mid to high-density area
Technology
• Password-protected Wi-Fi for staff and patrons
• iPads used for taking orders, sending orders wirelessly to kitchen, and transmitting to cashier counters
• Externally hosted file sharing for staff (Google Drive)
• Staff HR and POS systems run on the cafe server (located on the premises)
• POS (Point of Sales) system with integrated:
o Payment technologies
o Staff rosters
o Operating hours
o Hourly sales reports
• All files are backed up on the cafe server every night
• POS system and staff files secured within café firewall and cloud-synchronised on a nightly basis
People
• Permanent full-time staff: 3 baristas, 5 waiters, 1 manager
• 2 maintenance staff who come in every evening after closing (8 pm)
• All permanent staff require police checks
• Maintenance staff require reference checks with their previous employer(s)
Context 3: Hospital
Location & environment
• Inner suburb hospital
• On the outskirts of the city, with both residential and commercial buildings
• Mid to high-density area
Technology
• Password-protected Wi-Fi for visitors/patients
o Visitors and patients can request for password from any receptionist
• Hospital staff use different network, also password-protected
• Internally hosted email for staff
• Nurses and doctors are given a hospital iPad, receptionists use desktops
• Externally hosted software system to manage electronic medical and health records (EMR, EHR)
o Billing system
o Prescriptions
o Scanned documents
o Medication tracking
• Staff HR system runs on the hospital server (located on the premises)
• Staff files are secured within hospital firewall and cloud-synchronised on nightly basis
• All files are backed up on the hospital server every night
• Cloud files include those from 3 other hospitals in the chain, in surrounding suburbs
People
• Permanent full-time staff: 200 doctors, 500 nurses, 20 receptionists
• Casual: 35 maintenance staff
o Operate on roster, 5 each day
• Permanent staff have thorough police & background checks with references
• Staff have given email address with their staff ID and the hospital domain
• Other people engaged with the hospital include community organisations, government staff and student volunteers
Helpful resources and reference materials to help you write a Security Plan:
• https://www.protectivesecurity.gov.au/system/files/2021-06/pspf-policy-3-security-planning-and-risk-management.pdf
• https://www.ferc.gov/sites/default/files/2020-04/security-plan-example.pdf
• https://www.protectioninternational.org/wp-content/uploads/2012/04/1-7_Manual_English_3rdEd.pdf
• https://uniserveit.com/blog/10-step-cybersecurity-plan-for-your-small-business
• https://blog.rsisecurity.com/how-to-write-an-effective-cybersecurity-plan-for-your-small-business/

Looking for answers ?