Given that a company’s network is critical infrastructure, it is important to have a network security plan that specifies how the network will be protected against internal and external threats.
Recently an Australian university’s network was subjected to a cyber attack, with the hackers gaining access to staff and student records going back 19 years.
What went wrong?
Scenario
Ground Clearance Ltd is a company that maintains, leases, buys and sells new and used trucks, bulldozers, mobile cranes, graders, etc. The head office is at the Douala site in Cameroon. The other company sites are in Yaounde, Bertoua and Kumbo.
Ground Clearance Ltd realises its approach to security is, at best, ad hoc. The company suffered a denial of service attack that put its public website offline for 24 hours. It is worried about its network’s exposure to cyber attacks. The company has decided to upgrade its network security.
Your role
As a security specialist you have been hired to prepare and implement a new Network Security Plan across all sites of the company.
Details of site layouts and physical and human resources have been provided in Assignment details to help you with your role.
Work your way through the following steps to ensure that you meet the requirements of this assignment:
Step 1: Familiarise yourself with the following aspects of Ground Clearance Ltd:
Site layouts
At Douala, head office:
• Two-level building.
• IT server room on Level 1, with connection to the internet.
• Site size: 200 metres x 300 metres.
• Building floor size: 100 metres x 50 metres.
• Over the last 12 months, the city council has redirected a river to create a park—the site is now prone to flooding.
At Yaounde:
• IT server room, with connection to the internet.
• Site size: 150 metres x 50 metres.
• Building floor size: 20 metres x 30 metres.
• Over the last 12 months, use of photocopiers has been excessive.
At Kumbo:
• IT server room, with connection to the internet.
• Site size: 100 metres x 100 metres.
• Building floor size: 25 metres x 30 metres.
• Over the last 12 months, the local coal-fired power station has been decommissioned—the site is now subject to intermittent power failures.
At Bertoua:
• IT server room, with connection to the internet.
• Site size: 125 metres x 100 metres.
• Building floor size: 25 metres x 40 metres.
• Over the last 12 months, there was a break-in and a number of PCs were stolen.
Physical resources
• All staff are provided with a desk PC and a laptop.
• PCs and laptops are configured with Windows 7.
• At each site, there are 3 photocopiers per 50 staff.
• At each site, there are 5 printers per 50 staff.
• At each site, each group is in a separate local area network.
• All sites use IEEE 802.11a for the wireless local area network.
• The IT server room at each site has a router connected to the internet, a switch for each local area network, and a server farm with a mail server and separate servers to support each of the company’s group roles.
• All networking equipment is sourced from Cisco Systems.
• The public web server is at head office, in the IT server room.
Human resources
Douala, head office:
• 125 staff in the leasing group.
• 180 staff in the marketing group.
• 100 staff in the finance and accounting group.
• 10 staff in the vehicle servicing group.
• 10 security guards in the site security group.
• 30 staff in the IT technical support group.
Yaounde:
• 80 staff in the leasing group.
• 5 staff in the vehicle servicing group.
• 2 security guards in the site security group.
• 5 staff in the IT technical support group.
Kumbo:
• 140 staff in the sales group.
• 5 staff in the vehicle servicing group.
• 4 security guards in the site security group.
• 5 staff in the IT technical support group.
Bertoua:
• 125 staff in the sales group.
• 5 staff in the vehicle servicing group.
• 5 staff in the IT technical support group.
Step 2: Write a security plan report including the following:
• IT security management.
• Risk assessment.
• IT security controls.
• Physical and infrastructure security.
• Human resources security.
________________________________________
Assignment tip
View the marking guide when you select the heading 'Assignment criteria' to see a detailed breakdown of how your work will be assessed. This is an excellent place to start your preparations for this assignment.
Refer back to the marking guide frequently to make sure you are meeting the requirements.
________________________________________
Supporting resources
• Refer to your eTexts used through this unit as they will assist you with completing this assignment.
• The Student Hub Academic writing and presenting page has a section on Report writing that you might find useful.
Assignment 2 marking guide
Grade bands: No Pass; Pass (50–59%); Credit (60–69%); Distinction (70–79%); High Distinction (80–100%).
Criterion (30%): Able to identify IT security management issues and security controls (diagrams [i.e. network security plan] and referencing)
• No Pass: Did not meet criterion.
• Pass (50–59%): Ability to identify basic information of IT security management issues and security controls, without diagrams and referencing within text.
• Credit (60–69%): Ability to identify and provide a brief description of IT security management issues and security controls, without diagrams and referencing within text.
• Distinction (70–79%): Ability to identify and provide a brief description of IT security management issues and security controls, with diagrams and referencing within text.
• High Distinction (80–100%): Ability to identify and provide clear, comprehensive description of IT security management issues and security controls, with diagrams and referencing within text.
Criterion (35%): Able to identify physical and infrastructure security, human resources security issues and risk assessment methods (referencing)
• No Pass: Did not meet criterion.
• Pass (50–59%): Ability to identify basic information of physical and infrastructure security, with referencing within text.
• Credit (60–69%): Ability to identify and provide information of the physical and infrastructure security, and human resources security issues, with referencing within text.
• Distinction (70–79%): Ability to identify and provide brief information of the physical and infrastructure security, human resources security issues and risk assessment methods, with referencing within text.
• High Distinction (80–100%): Ability to identify and provide clear, comprehensive information of the physical and infrastructure security, human resources security issues and risk assessment methods, with referencing within text.
Criterion (20%): Quality in report structure (executive summary, introduction, headings/subheadings, conclusion)
• No Pass: Did not meet criterion.
• Pass (50–59%): Does not have an ability to provide report structure in an appropriate form.
• Credit (60–69%): Ability to provide report structure in an appropriate form.
• Distinction (70–79%): Ability to provide report structure in an appropriate form and proper explanations.
• High Distinction (80–100%): Ability to provide report structure in an appropriate form and proper explanations in place with headings.
Criterion (15%): Quality report writing skills, spelling and grammar
• No Pass: Did not meet criterion.
• Pass (50–59%): Written report with major spelling and grammar errors throughout text.
• Credit (60–69%): Written report with minor spelling and grammar errors throughout text.
• Distinction (70–79%): Written report with no spelling, grammar errors throughout and with good quality content.
• High Distinction (80–100%): Written report with no spelling, grammar errors throughout and has better quality content.