SBM4304 IS Security and Risk Management

Assessment 3: Applied Project

Assessment Details:

This assessment is designed to assess your technical skills in investigating IS security, risk threats and management for an organization. It also assesses your skills in evaluating risk management techniques and IS auditing. You are required to select an organization that uses information systems to perform daily business operations. You have to identify the most valuable assets of the organisation and investigate the security threats and mitigation techniques. You also have to propose/evaluate the risk management techniques adopted by the selected organization to ensure reliability, confidentiality, availability, and integrity. You also have to discuss the audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.

Task Specifications

This assessment includes two tasks as follows:

Task-1:

Assume you are working at the MBC TV broadcasting organisation. MBC allows employees to use their own computing devices, such as smartphones, laptops and tablet PCs, for work, in addition to or instead of organisation-supplied devices. The MBC organisation provides information systems services to staff and customers. You have to write a report answering the following questions related to the selected organization:

  1. Mobile devices are highly vulnerable and can be exposed. Discuss two types of threats against mobile devices. Illustrate how these devices are vulnerable to destruction and abuse.
  2. Propose, with justification, two types of security protection techniques for mobile devices and explain how they can be used to mitigate threats.
  3. Assume the MBC organization uses a Linux web server (Apache) to host the organization's web site. Discuss how the organization can ensure the availability of the web service using the Linux web server.
  4. Discuss the impact of employees on the information security of the MBC organization. Provide risk management recommendations to reduce the risk posed by employees when they use mobile devices for work.
  5. Linux servers are supported by different tools for auditing. Illustrate Linux server auditing tools and discuss how they can be used by the selected organization to monitor and analyze web server and email server problems.

You may need to make some assumptions with the required justifications. Please note that you have to use the Harvard reference style.

Task-2:

Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data. In this task you have to understand access control lists (ACLs) and file system security using Linux. You have to demonstrate the method and commands for completing the following tasks using Linux:

  1. Demonstrate how to create two directories, ‘{StudentID1}’ and ‘{StudentID2}’, under the main directory ‘SBM4304’, where StudentID1 and StudentID2 are the student IDs of two students. Illustrate the command/s that can be used to set full access to the SBM4304 directory.
  2. Demonstrate how to create three users, {u1}, {u2} and {u3}, where u1, u2 and u3 are the first names of three students.

Illustrate the commands available in Linux to create directories and users and to set and view the required permissions. In your report, you have to provide the commands you used while carrying out the requirements of Task-2.

Submission

You have to submit a report in Word format that includes your answers for Task-1 and Task-2. You have to include a cover page that includes your student ID and full name.

Marking Information: The applied project will be marked out of 100 and will be weighted 20% of the total unit mark.

| Marking Criteria | Not satisfactory (0-49% of the criterion mark) | Satisfactory (50-64% of the criterion mark) | Good (65-74% of the criterion mark) | Very Good (75-84% of the criterion mark) | Excellent (85-100% of the criterion mark) |
|---|---|---|---|---|---|
| Introduction (5 marks) | Poor introduction with irrelevant details | Introduction is presented briefly and is missing the report outline | Introduction is generally presented along with the report outline | Introduction is well written, and the report outline is also discussed | Introduction is very well written, and the report outline is also discussed |
| Threats against mobile devices (15 marks) | Poor discussion about threats and not related to mobile devices | Brief discussion about threats and not related to mobile devices | Good discussion about threats related to mobile devices | Very good discussion about threats related to mobile devices | Excellent discussion about threats with clear specifications related to mobile devices |
| Security protection techniques for mobile devices (15 marks) | Poor discussion about security protection techniques for mobile devices with irrelevant information | Brief discussion about security protection techniques for mobile devices | Generally good discussion of security protection techniques for mobile devices | Very clear discussion of security protection techniques for mobile devices | A very clear and in-depth discussion of security protection techniques for mobile devices |
| Availability of the web service (10 marks) | Lack of evidence of understanding of availability of the web service | Evidence of basic understanding of availability of the web service with limited examples | Evidence of good understanding and identification of techniques to improve the availability of the web service | Very clear understanding and identification of techniques to improve the availability of the web service | Excellent understanding and identification of techniques to improve the availability of the web service |
| Impact of employee on information security (10 marks) | Lack of evidence of understanding of impact of employee on information security | Evidence of basic understanding of impact of employee on information security | Evidence of good understanding of impact of employee on information security | Very good understanding of impact of employee on information security | Excellent understanding of impact of employee on information security |
| Linux server auditing tools (10 marks) | Lack of evidence of understanding of audit process | Evidence of basic understanding of audit process and not related to the selected sector | Good understanding of audit process with discussion related to the selected sector | Very good understanding of audit process with discussion related to the selected sector | Excellent understanding and demonstration of audit process related to the selected sector |
| Directory creation (10 marks) | Lack of evidence of understanding the Linux commands for directory creation and access | Very brief demonstration of using Linux commands for directory creation and access | Evidence of good understanding and demonstration of using Linux commands for directory creation and access | Very clear understanding and demonstration of using Linux commands for directory creation and access | Excellent understanding and demonstration of using Linux commands for directory creation and access |
| User creation (15 marks) | Lack of evidence of understanding of the process of user creation | Very brief demonstration of using Linux commands for user creation | Evidence of good understanding and demonstration of using Linux commands for user creation | Very clear understanding and demonstration of using Linux commands for user creation | Excellent understanding and demonstration of using Linux commands for user |
| Summary (5 marks) | Summary not relating to the report | Brief summary of the report with some relevance | Generally good summary of the report | A section clearly summarizing the overall contribution | A section very clearly summarizing the overall contribution |
| References using Harvard style (5 marks) | Lacks consistency with many errors | Unclear referencing/style | Generally good referencing/style | Clear referencing/style | Clear styles with excellent source of references |
