KIT711 – Data Network Security
Goal
To design and write the security policies for a small to medium enterprise
Introduction
The task is to produce a printed consultancy report that is for establishing the security provisions for an
organization described in a case study. The case study will be created by the team and will be submitted
several weeks prior to the remainder of the report to enable the team to receive feedback on its
suitability for the assignment. The report itself will contain multiple parts, some created by the whole
team, while some will be largely undertaken individually, but with input from the rest of the team.
As this assignment contains a sizable amount of team work, there will be a peer assessment perspective
of the assignment. This will involve each team member providing some feedback and information to the
tutor about how the group functioned as a team, and how much work was completed by each member.
Case Study – due 8th of May (Week 10)
The first component of the assignment, due in week 10, is the case study. This is a 500-700 words
document describing the company the team has invented for your group assignment.
You are going to invent an IT (information Technology) related company. IT is a catch-all for the industry
at present, any job that is primarily to do with the operation of computers or developing for them. The
company will be a medium sized enterprise, with somewhere between 120 and 200 employees. The
turnover of the company will be greater than 2.5 million and less than 25 million. It is suggested that you
try to model the company from an existing company and then make changes to create your own
company. This will enable you to get a fuller picture in your minds of what the company is like, its
context, and its security needs.
It is suggested that the team invents a name for the company, and indeed names for key employees at
the company. It is a good idea to describe the purpose of the company, the number of employees,
geographical location, its ICT infrastructure and any specific industry related risks to the company. It is a
creative progress requiring everything to be imagined to get a realistic view of the company to
understand its needs and threat profile. Consultancy Report – due 29th of May (Week 13)
The report will have two sections: the first will contain information common to the entire
report, such as the threat and risk analysis, while the second section will address specific
security issues facing the company.
The first section of the report should be written by a group and should contain:
• an executive summary (~400 words)
• an introduction including a description of the assumptions made and extra context for
the case study (1000 words ~ 1500 words)
• a threat and a brief risk analysis (1000 words ~ 1500 words)
• a definition of the main security goals for the case study’s organisation and an
accompanying set of high-level security policies. Each high-level security policy should
be numbered. (1000 words ~ 1500 words).
Include any extra material at the end of the report as appendices.
• The appendix should contain a copy of the case study, updated with any changes made
since the first submission in week 10.
The second section of the report should contain the following subsections, each written by a
different group member:
• Physical Security
• Logical Security
• Data and System Security
• Network Security
• User Education and Compliance (only if the group has 5 members)
The content should provide an overview of how you will achieve the security goals stated in the
first section of your document in the area that you are tackling. Each recommendation should
refer explicitly to a numbered security goal from the first section of your report. You need to
explain why you are making the recommendations and mention any obvious competing
solutions and why your suggestion is more appropriate.
Each of these subsections should be ~ 2000 words (no more than 2500 words) in length.
Peer Assessment
This assignment involves each team peer-reviewing three other team’s submissions of both
‘Case Study’ and ‘Consultancy report’. This involves marking their submission against the CRA
marking rubric (which is included as part of this specification) and providing feedback. After this has been completed, each team will then grade this assessment based on the quality of the
feedback and how fair they think the mark was.
Solution
Table of Contents
Company Facilities and Locations. 5
Main Security Goals and High-Level Security Policies. 16
High-Level Security Policies. 19
Acceptable Use Policy (AUP) 19
Access Control Policy (ACP) 19
Information Security Policy (ISP) 20
Incident Response Policy (IR) 20
Business Continuity Policy (BCP) 21
Accounting for Lost Devices or Devices that have been stolen. 27
Software-based Logical Security. 30
Intrusion Detection Systems. 45
Distributed Denial of Service Prevention. 46
Case study
First Choice Solutions Inc. (FCS) is a marketing affiliate for different software producers. To form a business platform, the company is developing a research and development (R&D) team that will survey 5000 medium-sized entities and franchises. The main objective is to plan direct marketing to these firms that have shown interest in software solutions. FCS’s team leaders are expected have at least three years of hands-on experience in dealing with corporate decision-makers. Together with the fact that they will be promoting products that the market is well acquainted with, such factors are likely to play a critical role in corporate success.
The company has different business objectives that it intends to accomplish within specific timelines. Among them is; the achievement of a sales turnover of AUD 3 million in the current financial year. Second, is to excel in a variety of after-sales services and support. Third, is to become among the most preferred software resellers in Sydney. Fourth, FCS aspires to expand to other major cities in Australia, such as Melbourne, Brisbane, Perth, and Adelaide in three years of active operations.
FCS’s mission is to make sure that each employee at the firm is knowledgeable on the different products that they promote in the market, and that they have sufficient expertise in their respective fields. A high-quality product is likely to sell in the market if potential buyers get well informed about their functionalities and positive attributes. FCS strives to be the industry leader within the reseller field, through the promotion of excellent customer services and after-sales support.
The primary keys to success as far as the company is concerned include:
- The supply of after-sales support, and hence establishing long-term relationships with other players in the industry
- The company’s experience in associating with decision-makers within the corporate setting.
- The promotion of high-quality software that resonates well with users
Company summary
FCS Inc. promotes third party software and, at the same time, offer after-sales services packages. The company identifies different potential clients who have expressed business interests in such a software product through consistent surveys.
Start-up company
FCS appreciates the vitality of conducting market research and hope to reap the benefits of a market survey that will include more than 5000 potential clients in Sydney. Sydney is the primary operating location for FCS at the moment; however, the company is open for further expansion in the future. The firm’s operating costs include instalments on survey loans, travel overheads, phone calls, rent, operating license acquisition expenses, and business cards.
Company facilities and locations
The firm will commence operations with an estimated workforce size of 140 workers………………………………..To access the rest of the solution for $40, please click on the purchase button.
