Assignment title: Information
ASSIGNMENT 2: INFORMATION SECURITY MANAGEMENT
DUE DATE: 20 MAY 2016 @ 4:00PM.
SET TASKS
ABC has several branch offices across Australia with about 60 mobile sales
employees at each branch office. Each employee is provided with an iPad and
smartphone as well as access permission to remotely read and upload data to the
database server at their branch office. The chief information security officer (CISO) at
ABC believes that password-related weaknesses and malicious software (malware) pose a threat
to the database at ABC. The CISO estimates that a successful malware attack will cost
ABC $28,000 for hiring an external security consultant, $15,000 for containment and
cleaning and $50,000 in lost sales. In order to mitigate the password-related
threats, ABC's password management system automatically rejects passwords that are
found in the dictionary, passwords that are not seven characters long and passwords
that do not have at least one capital letter, one number and one special character. The
password management system also locks an account out after three failed log-in attempts. To
mitigate malware risks, the ABC management is planning to purchase an antimalware
solution at a cost of $50,000. It is expected that the annualized loss expectancy will be
reduced to $75,000 if the antimalware solution is deployed on ABC's systems.
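To make the password controls in the scenario concrete, here is an added example (not part of the assignment brief, and not ABC's actual system) that enforces the stated rules: a dictionary check, a length check, the capital/number/special-character requirements, and a lockout after three failed log-in attempts. The dictionary set, the reading of "seven characters" as a minimum length, the PBKDF2 work factor and the account/user names are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

# Constructed stand-in for ABC's dictionary check (a real deployment would load a
# proper wordlist; this small set is an assumption, not ABC's list).
DICTIONARY = {"password", "welcome", "qwerty", "letmein", "australia"}

MIN_LENGTH = 7           # "seven characters long", read here as a minimum (assumption)
MAX_FAILED_ATTEMPTS = 3  # lockout threshold stated in the brief
PBKDF2_ROUNDS = 200_000  # work factor for the stored password hash (assumption)


def password_violations(pw: str) -> list[str]:
    """Return every policy rule a candidate password breaks; an empty list means accepted."""
    problems = []
    if pw.lower() in DICTIONARY:
        problems.append("dictionary word")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    return problems


def hash_password(pw: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked: bool = False

    @classmethod
    def create(cls, username: str, pw: str) -> "Account":
        """Enrol a user, rejecting the password if it breaks any policy rule."""
        problems = password_violations(pw)
        if problems:
            raise ValueError(f"password rejected: {', '.join(problems)}")
        salt = os.urandom(16)
        return cls(username, salt, hash_password(pw, salt))

    def login(self, attempt: str) -> str:
        """Return 'ok', 'denied' or 'locked'; three consecutive failures lock the account."""
        if self.locked:
            return "locked"
        # Constant-time comparison of the freshly derived hash against the stored one.
        if hmac.compare_digest(hash_password(attempt, self.salt), self.pw_hash):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "denied"


def lockout_demo() -> list[str]:
    """Constructed scenario: two wrong guesses, a third that triggers the lockout,
    then the correct password, which is still refused because the account is locked."""
    acct = Account.create("sales.rep", "Tr0ub4dor&3")
    return [acct.login("guess1"), acct.login("guess2"),
            acct.login("guess3"), acct.login("Tr0ub4dor&3")]


if __name__ == "__main__":
    print(password_violations("password"))   # breaks several rules at once
    print(lockout_demo())
```

Two points a practitioner would note when reviewing such a policy: the lockout event should be logged and alerted on, since a burst of lockouts across many accounts is a useful detection signal, and a permanent three-strike lockout lets anyone who knows a username lock that user out, so real systems usually pair the counter with a timed or administrator-cleared unlock.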
QUESTIONS (3+4+3=10 MARKS)
For each of the following questions, you must justify your answer and, where
applicable, show your work step by step, including all the formulas required to
arrive at your answer. An answer without justification, a step-by-step description and
formulae will be given zero marks.
1. Briefly describe what policy or policies the ABC password management system is
enforcing.
2. Calculate the annualized loss expectancy assuming that the probability of a
successful malware attack is 2.5 times every two years.
3. Would you recommend that ABC management proceed with the purchase of the
antimalware solution? Explain why or why not.
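The quantitative questions above rest on the standard risk formulas SLE (single loss expectancy), ARO (annualized rate of occurrence) and ALE = SLE x ARO, followed by a cost-benefit comparison of the proposed control. The following added example (written for this page, not supplied by the assignment) carries those formulas through with the scenario's figures. The brief gives only a purchase price for the antimalware solution, so how that one-off cost is annualized is an assumption here: the function takes the expected service life in years as a parameter and spreads the cost evenly over it, with no maintenance or licence fees.

```python
def single_loss_expectancy(cost_components: dict[str, float]) -> float:
    """SLE: the total cost of one successful incident, summed from its cost components."""
    return float(sum(cost_components.values()))


def annualized_rate_of_occurrence(incidents: float, years: float) -> float:
    """ARO: the number of incidents expected per year."""
    return incidents / years


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: the expected loss per year."""
    return sle * aro


def net_control_benefit(ale_before: float, ale_after: float,
                        purchase_cost: float, lifetime_years: float) -> float:
    """Cost-benefit of a control: yearly risk reduction minus the control's annualized cost.

    Assumption: the one-off purchase is spread evenly over lifetime_years, with no
    recurring costs. A positive result means the control saves more per year than it costs.
    """
    annual_control_cost = purchase_cost / lifetime_years
    return (ale_before - ale_after) - annual_control_cost


# Figures taken from the ABC scenario in the brief
MALWARE_INCIDENT_COSTS = {
    "external security consultant": 28_000,
    "containment and cleaning": 15_000,
    "lost sales": 50_000,
}
INCIDENTS, PERIOD_YEARS = 2.5, 2.0   # "2.5 times every two years"
ANTIMALWARE_PURCHASE_COST = 50_000
ALE_WITH_ANTIMALWARE = 75_000


def abc_assessment(lifetime_years: float) -> dict[str, float]:
    """Run the full calculation for ABC; lifetime_years is the analyst's assumption."""
    sle = single_loss_expectancy(MALWARE_INCIDENT_COSTS)
    aro = annualized_rate_of_occurrence(INCIDENTS, PERIOD_YEARS)
    ale = annualized_loss_expectancy(sle, aro)
    net = net_control_benefit(ale, ALE_WITH_ANTIMALWARE,
                              ANTIMALWARE_PURCHASE_COST, lifetime_years)
    return {"sle": sle, "aro": aro, "ale": ale, "net_annual_benefit": net}


if __name__ == "__main__":
    # Show how strongly the recommendation depends on the amortization assumption.
    for years in (1, 3, 5):
        print(f"service life {years} yr:", abc_assessment(years))
```

Running the script for several service lives makes the key analytical point visible: SLE, ARO and ALE are fixed by the brief, but the sign of the net benefit turns on how the $50,000 purchase is annualized, which is exactly the kind of assumption an answer to Q3 has to state and defend.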
Marks will be allocated to construction of, and support for, your analysis and
evaluation as well as presentation, readability and referencing. Any answer deemed
to be outside the scope of information security management will be given zero
marks.
GENERAL REQUIREMENTS
• Your submission must be in a form readable by Microsoft Word or PDF/Acrobat format.
• Each question should be answered individually with the corresponding label (e.g. Q1) to
indicate the question answered.
• Your submission must not be more than 5 pages long (including diagrams if any), must
have margins no less than 2cm, and font size no less than 12 point. Oversized
assignments will be penalised.
• Plagiarism is not tolerated; for details on plagiarism and penalties please refer to the
faculty student guide on CloudDeakin. Appropriate referencing must be used throughout
the document with the bibliography not counted in the page limit.
• Refer to the Unit guide for additional information.