Assignment title: Information
CSI2102 - Information Security
Assignment 01 – Information Security Mapping Case Study
Semester 01, 2017
Details:
Title: Information Security Assignment 1
Due Date: 09.00 AM (GMT+8) Monday 1st April 2017.
Value: 20% of the final mark for the unit
Length: Maximum of 2000 words on 3 pages (A3 page format) or 8 pages (A4 page
format) (excluding cover page and references)
Purpose of this assignment:
The purpose of this assignment is to support the following unit Learning Outcomes (LO) for
this unit:
LO 1: Identify the importance of information to organisations and society in general;
LO 2: Describe and apply concepts, principles and techniques relating to the security of
information; and
LO 5: Demonstrate an understanding of the advantages, disadvantages, threats, and
vulnerabilities associated with various IT environments.
Background:
Jack Doe is the Community Liaison Officer for 3D Media Comm. Ltd based in Perth,
Western Australia. 3D Media Comm. Ltd is an inventive company developing and selling
social media marketing to small businesses. The design and production of all products is
handled electronically, directly with each business. 3D Media Comm. Ltd currently has 40%
of the market in WA, with the remaining 50% held by much larger advertising agencies, and
the final 10% by those developing mobile apps for social media marketing. Jack spends half
of his day on the road in the Perth metro area visiting small businesses who may wish to
purchase and integrate social media marketing into their existing marketing activities. Consequently,
Jack carries a laptop, smart phone and Surface Pro 4 with him everywhere he goes. The
laptop encompasses an Intel i5 CPU, 8GB RAM, and is running Windows 10 Professional
with the last Windows update applied towards the end of January, 2015. When in the office
Jack connects his laptop and Surface Pro to the company network.
Jack predominantly uses Microsoft Office Professional 2013 for all his business needs.
Microsoft Access and Microsoft Excel contain the information for all clients within Western
Australia, as well as client confidential business and financial information. Jack is not well
informed about information security although he uses computing technology to support his
job. As a result, Jack does not use third party firewalls, anti-virus software, encryption, or
authentication mechanisms.
While on the road, Jack occasionally leaves his laptop in the car. He also frequently visits
Internet cafes for lunch where he utilises the Internet for up to an hour each day. The
confidentiality of information is important as any disclosure could cause significant
embarrassment to him and the company, as well as impact client privacy and confidence.
Also, Jack must provide correct, factual information to all clients hence ensuring the integrity
of information is vital. Lastly, should any information not be available when needed, this may
result in clients taking their business to the new-to-market competitor.
Task:
Utilising the background information, draw a concept map or annotated attack tree which
represents the context of Jack’s 3D Media Comm. Ltd work environment and also
demonstrates:
• the links between the data Jack uses and keeps and the aims of security (CIA), i.e. what
information needs protecting, why, and what aspect of CIA does this relate to?;
• the associated attacks which could breach each of these aims in this scenario;
• the likelihood (risk) that any attack in this scenario poses;
• the impact each attack may have;
• the resultant countermeasures which could be applied in this scenario; the relative
cost of each countermeasure; and the mitigation effect of the countermeasure.
*** All content MUST align with the scenario given and not just be provided in general
security terms ***
All of the attacks that you present must be feasible, capable of being undertaken by one
person, and require limited financial support. An in-text reference supporting the attack and
countermeasure should be included within each of the concepts.
NOTE: You are not writing an essay on each attack and countermeasure, only a brief
(referenced) description. Your work should be focussed on a diagrammatic representation,
and be as creative (or not) as you wish. The choice of how you present the assignment is up
to you as long as it meets the assignment requirements.
Report Requirements:
Must Contain
Cover/Title Page
This must contain the unit code and title, assignment title, your name and
student number, due date and the title of your topic.
A Table of Contents is not required
Introduction
Introduce the report, define its scope and state any assumptions. Use in-text
references where appropriate.
Main content
Address the task as above. The diagram and associated text must
demonstrate recent research and application to the context provided. You
should calculate the risks associated with the technology. The diagram and text
must be logically structured and you are required to include appropriate
referencing (in-text and end-text references) to support your argument
throughout the entire report. All attacks, countermeasures, ideas, and
recommendations should be backed up with references. References should
predominantly include books, journal articles, and conference papers as these
have been peer reviewed prior to publication.
References
A list of end-text references formatted according to the ECU requirements
using the APA format. It is recommended that Endnote is used to manage
references. Your references should ideally comprise books, journal articles,
and conference papers.
Format
This report should be no more than 2,000 words (excluding references and
diagrams) and labelled as <CSI2102_your studentid_your
studentlastname_studentfirstname>.docx and should be in a single file. Your
assignments must be word-processed and the diagrams be developed using
graphics software (most word-processors provide this facility). The text must be
no smaller than 12pt and in Times New Roman font.
Academic Misconduct (Including Plagiarism):
Edith Cowan University regards academic misconduct of any form as unacceptable.
Academic misconduct, which includes but is not limited to, plagiarism; unauthorised
collaboration; cheating in examinations; theft of other students' work; collusion; inadequate
and incorrect referencing; will be dealt with in accordance with the ECU