Herefordshire College of Technology
Validated by the University of Gloucestershire
FdSc in Information and Communication Technology
Student:Assessor: Bob Higgie
Module: 205 Information Security and Cryptography
Title: Information security (50% of total module)Internal Verification of assignment: Bob Higgie
Date: 25 April 2012
Issue Date: 21 January 2015
Outcome and Principal Objective(s):
1. Critically analyse and evaluate a business case for information security management;
2. Demonstrate a comprehensive understanding of the threats to information security throughout an organisation;
3. Demonstrate systematic knowledge and understanding of the tools and techniques used to achieve the physical and operational security of information;
4. Critically analyse and evaluate a business continuity and disaster recovery plan;
5. Demonstrate a comprehensive understanding of applicable regulations governing the storage and processing of information, and the conduct of investigations.
Overall percentage score (provisional until after the examination board meeting):
Sections / 1 / 2 / 3
Score
Maximum / 15 / 35 / 50
Assessor's Overall Comments:
Due Date / Submitted date / Pass/Fail/Refer / Assessor / Verifier
1 6 March 2015
2
3
Date assessment completed:
Allocation of Marks for Module 205
50% Coursework: 2600 words or equivalent - Cryptography Portfolio
(Due 8th May 2015)
50% Assignment: 1500 words or equivalent - Information Security
(Due 6th March 2015)
Project brief:
This assignment (100 marks) is worth 50% of the overall coursework mark for this module.
The Scenario
You work as a security expert at a local company and you are very concerned with its security. Your company has been trialling a security product which analyses internal networks and creates a report on the network activity every day. This information is stored off-site at a distant hosting provider. It does this by installing a rootkit on each local machine and needs to determine the default gateway on its own. Once the gateway has been determined, a connection is made to the distant hosting site and the data transfer can take place.
You have noticed an increase in the traffic on the local network and have determined that a flaw in the code does not close the outbound connection but even worse, does not encrypt the outgoing data.
Task 1 (15% - Outcome 1)
Discuss the following:
1. The implications of the data breach on the network.
2. The implications of the breach on your organisation
Task 2 (35% - Outcomes 2, and 3)
What safeguards can be implemented until the problem has been solved and what could you do to mitigate a breach in the future?
Task 3 (50% - Outcomes 4 and 5)
What would the impact be on the organisation if other users (not employees) were able to upload or download files without the proper authentication?