KIT711 – Data Network Security
Goal
To design and write the security policies for a small to medium enterprise
Introduction
The task is to produce a printed consultancy report that is for establishing the security provisions for an
organization described in a case study. The case study will be created by the team and will be submitted
several weeks prior to the remainder of the report to enable the team to receive feedback on its
suitability for the assignment. The report itself will contain multiple parts, some created by the whole
team, while some will be largely undertaken individually, but with input from the rest of the team.
As this assignment contains a sizable amount of team work, there will be a peer assessment perspective
of the assignment. This will involve each team member providing some feedback and information to the
tutor about how the group functioned as a team, and how much work was completed by each member.
Case Study – due 8th of May (Week 10)
The first component of the assignment, due in week 10, is the case study. This is a 500-700 words
document describing the company the team has invented for your group assignment.
You are going to invent an IT (information Technology) related company. IT is a catch-all for the industry
at present, any job that is primarily to do with the operation of computers or developing for them. The
company will be a medium sized enterprise, with somewhere between 120 and 200 employees. The
turnover of the company will be greater than 2.5 million and less than 25 million. It is suggested that you
try to model the company from an existing company and then make changes to create your own
company. This will enable you to get a fuller picture in your minds of what the company is like, its
context, and its security needs.
It is suggested that the team invents a name for the company, and indeed names for key employees at
the company. It is a good idea to describe the purpose of the company, the number of employees,
geographical location, its ICT infrastructure and any specific industry related risks to the company. It is a
creative progress requiring everything to be imagined to get a realistic view of the company to
understand its needs and threat profile. Consultancy Report – due 29th of May (Week 13)
The report will have two sections: the first will contain information common to the entire
report, such as the threat and risk analysis, while the second section will address specific
security issues facing the company.
The first section of the report should be written by a group and should contain:
• an executive summary (~400 words)
• an introduction including a description of the assumptions made and extra context for
the case study (1000 words ~ 1500 words)
• a threat and a brief risk analysis (1000 words ~ 1500 words)
• a definition of the main security goals for the case study’s organisation and an
accompanying set of high-level security policies. Each high-level security policy should
be numbered. (1000 words ~ 1500 words).
Include any extra material at the end of the report as appendices.
• The appendix should contain a copy of the case study, updated with any changes made
since the first submission in week 10.
The second section of the report should contain the following subsections, each written by a
different group member:
• Physical Security
• Logical Security
• Data and System Security
• Network Security
• User Education and Compliance (only if the group has 5 members)
The content should provide an overview of how you will achieve the security goals stated in the
first section of your document in the area that you are tackling. Each recommendation should
refer explicitly to a numbered security goal from the first section of your report. You need to
explain why you are making the recommendations and mention any obvious competing
solutions and why your suggestion is more appropriate.
Each of these subsections should be ~ 2000 words (no more than 2500 words) in length.
Peer Assessment
This assignment involves each team peer-reviewing three other team’s submissions of both
‘Case Study’ and ‘Consultancy report’. This involves marking their submission against the CRA
marking rubric (which is included as part of this specification) and providing feedback. After this has been completed, each team will then grade this assessment based on the quality of the
feedback and how fair they think the mark was.
Solution
Table of Contents
High-level security policies. 19
Information security policy (ISP) 19
Access control policy (ACP) 19
Change management policy (CMP) 20
Business continuity policy (BCP) 21
Data-centric security plan. 39
Multi-factor authentication. 39
Case study
ABC’s Key Workforce
Chief Executive Officer………………Bryant Wallace
Chief Operations Officer………………Smith Lawrence
Human Resource Manager……………..Martin Will
Head of Finance………………………..Patricia Baker
Head of Marketing……………………..David Luiz
Public Relations………………………..Ken Davis
Who are we?
ABC Limited is a company that focuses on creating online student-oriented resources and assessment packages at Melbourne in Australia. The company’s main target audience is the students living with disabilities and hence experiencing learning difficulties as a result of their status. The organization focuses on three major developments in teaching practice and learning through information technology. One innovation is the development of modules within the Environmental Science undergraduate programme where students apply different types of IT in preparation for face-to-face seminars. The second one is the creation of an “Introduction to Marketing” module for Business School learners. In this respect, the course implements high-quality and computer-aided learning materials.
Purpose of the company
ABC Limited is seeking to create special technology that will enable the increment of independence of learners with special needs from a constant need for explicit teacher involvement in the learning process. Consequently, the students will have the ability to achieve flexible learning speeds that are convenient for them, leading to highly personalized learning. Ideally, technology makes it possible for a classroom to be harnessed with individualistic learning events. This allows the instructors to provide high levels of differentiation and flexibility in instruction. ABC enables teachers to use information technology to offer a broad range of learning approaches and varieties, that engage, instruct, and support special education.
IoT Infrastructure
- Adaptive computing
ABC has mainly sought to apply technological advancements in breaking barriers in special education delivery. The company applies technical tools needed for human speech recognition and synthesizing, and this way, it is able to avoid the need of using pen and paper during the lessons. Adaptive computing has come in handy in allowing the use of digital materials in bypassing challenging tasks. Screen reader apps developed by the firm, along with specially developed Braille keyboards, which assist the visually challenged learners to use the computer. ABC has developed augmentative communication models that assist students with speech issues in overcoming the communique obstacles.
- Data analytics
The gathered data facilitates the organization’s service delivery through modern software that allow for the minimization of effort needed for taking steps towards students with disabilities. ABC has developed web-based services for distance learning. The main task here is to offer learners easy-to-use intuitive tools for the buying of online courses, tracking, and scheduling academic progress.
- Online apps
ABC’s intuitive and neat web-based chatting apps provide for the development of online classes that assist learners in living with disabilities to communicate with one another as well as the instructor. Such virtual learning stations allow both the instructors and learners from distinct remote regions to participate in live sessions. ABC runs an online application that facilitates the evaluation of individual academic performances for the learners with special needs. The main objective here is to assist these learners in unleashing their full potential.
- Mobility
The firm has an Individualized Education Program, which simplifies work for the students with learning issues occasioned by developmental retardations, intellectual disabilities, and brain injuries…………………………………..To access the rest of the solution for $40, please click on the purchase button.
