You are required to write a report for a business organisation regarding the potential security threats, vulnerabilities and attacks they might be facing based on the given case study. The purpose of this assessment is for you to demonstrate that you understand the kinds of cyberattacks that might arise in your own workplace or professional setting, so that you can identify the potential security vulnerabilities and threats that need to be addressed to develop a security program within the organisation and justify the use of resources and the opportunities to make positive changes.
The targeted Course Learning Outcomes for this assessment are:
- CLO1: Apply a set of IS and business skills to design and evaluate an information systems security architecture.
- CLO2: Develop security solutions and mitigation strategies to address security threats and vulnerabilities for Information Systems (IS) and other organisational assets.
- CLO4: Explain the organisational and technical issues to consider when constructing an information security program that is aligned with a specific business context.
Consider that you have been hired as a security consultant by MyFinance, which is a local, medium-size trading firm. Your job is to identify the most relevant security threats for this organisation and provide preventive measures. MyFinance uses a mainframe computer to support its daily processing needs. Its computer centre, which houses the mainframe, is located on the second floor of a commercial building. The computer centre is behind large plate-glass windows so that the state-of-the-art technology can be displayed as a measure of the firm’s success and to attract customer and investor attention. The computer centre is equipped with smoke detectors and automatic water sprinklers. The whole commercial building, including the computer centre, is equipped with air-conditioning. The electrical power to the computer centre (including all the devices inside) comes from the commercial building. Furthermore, all the devices inside the computer centre are directly connected to the power source of the building without any regulatory devices in between. An entrance door equipped with a keypad combination lock prevents unauthorised physical access to the computer centre.
MyFinance has hired several computer operations staff to operate the computer centre. The company offers flexible working arrangements and highly encourages a “BYOD” policy so that the employees can also work from home when needed. The firm has also hired some systems and programming staff for software development and maintenance. Since the number of systems and programming staff is small and the work demand has increased, system documentation is prepared when time is available. Backups occur periodically in this company. The firm maintains two backup copies of its program and data files. One copy is stored in the computer centre and the other is stored at an off-site location.
- Identify at least seven possible and most relevant threats, vulnerabilities, and attacks (after considering the business environment and the nature of the firm without making any assumption about the case study) that could occur in MyFinance. Explain the reasons for their occurrence. Please note that selecting a threat or threats based on assumption (e.g., a virus attack) will result in a deduction of marks, unless there is a reason that MyFinance is more likely to be the subject of a virus attack, as such a threat can occur in any organisation and is not specific to MyFinance. Furthermore, the case study does not mention whether antivirus systems are used in MyFinance or not. Therefore, you cannot make any assumptions.
- For each threat identified in (a) above, recommend suitable control(s) to deal with it and briefly explain how the control will help to protect against this threat. Use appropriate references to back up your recommendations. Use RMIT Harvard referencing style.
You need to submit the following in Canvas:
- A written report of no longer than 1500 words. An assignment with a word count greater than 1500 will not be marked. Please put down the word count at the end of your submission. Your references and citations will not be counted towards the word limit.
- The submissions will go through Turnitin checks and appropriate actions will be taken as per RMIT’s academic misconduct policy.