Assignment title: Information
Advance Security (IT Security Management)
Assignment 2
Assignment Overview
For this assignment you will design and develop a business security system for storing, accessing, securing
and backing up data. You have to discuss the use of security tools and hardware in order to
create a secure environment. This exercise gives students the opportunity to improve their skills in
building security and to implement backup and recovery plans. This assignment also gives students the
opportunity to create a business impact analysis for business continuity planning purposes. Marks will be
awarded based on the sophistication and difficulty of the implemented design.
Federation University Australia is one of the nation's leading regional universities, with several
campuses around Australia. It has a population of more than 23,000 international and domestic students and
staff. Its main campus is located in Ballarat, Australia, and it provides online teaching as well. FedUni has
contacted you to be their information security project manager. Additional details about this university are:
• Since FedUni is a huge domestic university, its staff and students are divided into various
departments. The departments and their areas of responsibility are: marketing,
business, human resources, training and education, finance, health, housing, quality assurance, IT
security, IT help desk and research and development. Each department has its own responsibilities and
can access its own information, and is not allowed to access other departments' information.
Senior staff in each department have the privilege to access sensitive information; for example, the
finance manager will have extra privilege to access sensitive information, while the rest of his team
cannot.
• As a security manager you have access to the documentation of different departments. Further, you are
responsible for coordinating and liaising with the representatives of the different departments. Your
direct contact is the CISO.
• The university deals with many off-campus students and staff, who request access to the
university's resources and VPN.
• FedUni has a large number of short-term visiting scholars who visit the campus during the year. Those
scholars have access to the university's resources (labs and printers).
Description of the assessment: Answer the following points. This task requires you to do literature
research using the internet, magazines, journal or conference publications, and textbooks. This is an individual
assignment. Therefore, it is very important to write the findings in your own words. The aforementioned
scenario must be discussed when answering the questions below:
Q1) For the organization, what are the controls (technical, physical or administrative) that you will implement to
make it secure and fulfil the CIA triad within the university and its departments and when connecting to the internet?
(Provide a figure for your controls and explain why you are using them.) Please note that you have to mention
technical/physical and administrative controls. (10 marks)
Q2) What kinds of risks might you accept (that is, not implement controls for), and why? For the risks that
you decide to accept, or for unexpected risks, how do you plan to handle them? (2 marks)
Q3) Give an example of a duty of the Incident response planning, Disaster recovery planning and Business
continuity planning when having an unexpected event. (3 marks)
Q3) Refer to any resource to explain the difference between HIDS and NIDS. (You have to write 500-1000
words.) (5 marks)
Q4) Write a literature review on signature-based detection and anomaly-based detection. (You have to write
500-1000 words.) (5 marks)
Use at least 5 references
Plagiarism
All sources used must be properly acknowledged with references and citations, if you did not create
them. Quotations and paraphrasing are allowed but the sources must be acknowledged. Failure to do so is
regarded as plagiarism and the minimum penalty for plagiarism is failure for the assignment. The act of
giving your assignment to another student is classified as a plagiarism offence. Copying large chunks and
supplying a reference will result in zero marks as you have not contributed to the report.
By the due date, you must submit:
• The cover page must identify the student (name and number), teaching staff, and assignment.
• The assignment must use 12 point font size minimum and at least single line spacing with appropriate
section headings.
• Reference sources (IEEE style) must be cited in the text of the report, and listed appropriately at the end.
Late submission of assignments will be penalised as follows:
• For assignments 1 to 5 days late, a penalty of 10% (of total available marks) per day.
• For assignments more than 5 days late, a penalty of 100% will apply.
Your submission must be compatible with the software (PDF/Word) in MIT, Computer
Laboratories/Classrooms.
Extensions: Under normal circumstances extensions will not be granted. In case of extenuating circumstances—
such as illness—a Special Consideration form, accompanied by supporting documentation, must be received before 3
working days from the due date. If granted, an extension will be granted only for the time period stated on the
documentation; that is, if the illness medical certificate was for one day, an extension will be granted for one day only.
Accordingly the student must submit within that time limit.
Penalties may apply for late submission without an approved extension.
Penalties: Academic misconduct such as cheating and plagiarism incurs penalties ranging from a zero result to
program exclusion.
Marking criteria:
Marks are allocated as indicated on each question, taking the following aspects into account:
Aspects and their descriptions:
• Analysis (if appropriate): Investigation, comparison, discussion
• Explanation/justification: Description/answer to the question
• Presentation: Inadequate structure, careless presentation, poor writing
• Reference style: Proper referencing if required
• Plagiarism: Copy from another student, copy from internet source/textbook, copy from other sources without proper acknowledgement
Marking Rubric for Exercise Answers
Grades and marks: HD (80%+, Excellent), D (70%-79%, Very Good), CR (60%-69%, Good), P (50%-59%, Satisfactory), Fail (< 50%, Unsatisfactory)
Analysis
• HD: Logic is clear and easy to follow with strong arguments
• D: Consistency logical and convincing
• CR: Mostly consistent and convincing
• P: Adequate cohesion and conviction
• Fail: Argument is confused and disjointed
Effort/Difficulties/Challenges
• HD: The presented solution demonstrated an extreme degree of difficulty that would require an expert to implement.
• D: The presented solution demonstrated a high degree of difficulty that would require an advanced professional to implement.
• CR: The presented solution demonstrated an average degree of difficulty that would require an average professional to implement.
• P: The presented solution demonstrated a low degree of difficulty that would be easy to implement.
• Fail: The presented solution demonstrated a poor degree of difficulty that would be too easy to implement.
Explanation/justification
• HD: All elements are present and well integrated.
• D: Components present with good cohesion
• CR: Components present and mostly well integrated
• P: Most components present
• Fail: Lacks structure.
Reference style
• HD: Clear styles with excellent source of references.
• D: Clear referencing/style
• CR: Generally good referencing/style
• P: Unclear referencing/style
• Fail: Lacks consistency with many errors
Presentation
• HD: Proper writing. Professionally presented
• D: Properly spoken, with some minor deficiencies
• CR: Mostly good, but some structure or presentation problems
• P: Acceptable presentation
• Fail: Poor structure, careless presentation