Attached
Case study report ITNET202A (Enterprise Security) 2020.1

Unit: ITNET202A Enterprise Security
Assessment Type: Report
Assessment Number: 2
Assessment Weighting: Case Study 40%
Due Date/Time: Week 11, 29th May 2020, via Moodle Turnitin, 5:00pm (AEST)

Assessment Description

You are to provide a security architectural design for a new, internet-based bank that you are setting up, having been granted a banking license under the new “No More Squirrelling” legislation recently passed by the Federal Government. The requirements for this design are described below.

Because you are dealing with a bank, a number of security concerns at various levels need to be addressed in your architecture:
1. Compliance with federal and state legislation,
2. Public confidence in your enterprise by providing confidentiality, availability and integrity of customer data,
3. Privacy of customer data,
4. Interoperation with other financial institutions, both nationally and internationally,
5. Compliance with international standards,
6. Security of all bank assets,
7. Current trends in customer engagement via the internet

Your design needs to deal with enterprise architectural issues relating to application security, platform/OS security, network security and storage security. The decision has been made to run the bank’s IT operations in a Cloud environment.

B. Components you need to deliver:

1. I suggest that you use reference architectures if you can find these. The purpose of this work product is to show what types of security services you intend to provide, what types of cloud services you will be using (private, public, hybrid, SaaS, PaaS, IaaS), and what types of systems and networking you will need for the bank: consider head and branch office systems and networks, ATM and EFTPOS systems and networks, and international links. You will need to make reasonable assumptions about sizing, capacity, etc. of the various IT components, and you need to provide a design for best security practice, i.e. cost is less of an issue than having security exposures and weaknesses.
2. Detailed (logical level) security architecture. This will include specific details of what security services you will provide, what networking you will provide, what application systems you will be protecting, and what tools you will be using.
3. Detailed design (physical level) of your main processing site(s), irrespective of use of Cloud. This will include location, security equipment, networking devices, storage sizing, management tools, and operational components for the detailed security architecture.
4. Costing estimates (labor, hardware and software, for both implementation and operation)
5. Planning estimates with enough detail to show estimates at equipment installation level
6. Resourcing estimates
7. Description of the security services you are planning to provide, why, and where they will be located in relation to the bank’s IT systems and networks.
8. Equipment lists describing what equipment you will be implementing to provide these security services.

For these latter components, you would benefit from using the SABSA Framework for Security Service Management.

C. Approach:

Use the SABSA framework as a guide for your work products. Concentrate on the How, Who and Where (Process, People and Location) columns. You will have to do some research about how an organization like a bank would be running its IT systems and what they would consist of.

Detailed Submission Requirements
• Submission must be between 3500 – 4000 words (excluding references)
• All students submit the assessment through the Assessment Turnitin link on Moodle page for this unit.

Misconduct
• The assessment will be submitted through Turnitin via your unit page on Moodle.
• Turnitin is plagiarism software, which will identify if you have copied information and included it in your assessment.
• Copying information from others (i.e. websites, partner company information, or other students etc.) without acknowledging the author is classified as misconduct.
• Engaging someone else to write any part of your assessment for you outside of the group work arrangement is classified as misconduct.
• To avoid being charged with Misconduct, students need to submit their own work and apply APA or Harvard Style Referencing (ask your lecturer (https://courses.highered.tafensw.edu.au/mod/page/view.php?id=48) if you do not know what this means, or you need assistance applying it).
• The TAFE misconduct policy and procedure can be read on the TAFE website (https://www.tafensw.edu.au/about/policies-procedures/higher-education).
• Use the TAFE referencing guide accessible on Moodle.

Late Submission
• Any assessment submitted past the specific due date and time will be classified as Late.
• Any Late submission will be subject to a reduction of the mark allocated for the assessment item by 5% per day (or part thereof) of the total marks available for the assessment item. A ‘day’ for this purpose is defined as any day of the week including weekends. Assignments submitted later than one (1) week after the due date will not be accepted, unless special consideration is approved as per the formal process.

Special consideration
• Students whose ability to submit or attend an assessment item is affected by sickness, misadventure or other circumstances beyond their control may be eligible for special consideration. No consideration is given when the condition or event is unrelated to the student's performance in a component of the assessment, or when it is considered not to be serious.
• Students applying for special consideration must submit the form within 3 days of the due date of the assessment item or exam.
• The form can be obtained from the TAFE website (https://courses.highered.tafensw.edu.au/mod/page/view.php?id=48) or on-campus P.4.32.
• The request form must be submitted to Admin Office. Supporting evidence should be attached.

For further information please refer to the Student Assessment Policy and associated Procedure available on (https://www.tafensw.edu.au/about/policies-procedures/higher-education).

Rubric for Report (40 marks)

Depth and Breadth of Coverage (10%)
Demonstrating understanding or interpretation of key concepts of Enterprise security initiatives in the chosen organization, the implementation challenges and criteria for success
• High Distinction (8.5 to 10): All aspects of the question are addressed in depth.
• Distinction (7.5 to 8.4): Most aspects of the question are addressed in depth.
• Credit (6.5 to 7.4): Most aspects of the question are addressed adequately.
• Pass (5 to 6.4): Basic aspects of the question are addressed adequately.
• Fail (0 to 4.9): Responses are superficial and / or inadequately addressed the question.

Consistency between high level architecture, detailed architectures and detailed designs (10%)
• High Distinction (8.5 to 10): The design covered full detailed enterprise architecture and design
• Distinction (7.5 to 8.4): The design covered the most detailed enterprise architecture and design
• Credit (6.5 to 7.4): The design covered some detailed enterprise architecture and design
• Pass (5 to 6.4): The design covered partial parts of enterprise architecture and design
• Fail (0 to 4.9): The design did not cover enterprise architecture and design

Proof of application of security best practice in your solution (5%)
• High Distinction (4.3 to 5): Your solution fulfills all aspects of company’s security concerns
• Distinction (3.8 to 4.2): Your solution fulfills the most aspects of company’s security concerns
• Credit (3.3 to 3.7): Your solution fulfills some aspects of company’s security concerns
• Pass (2.5 to 3.2): Your solution related in aspects of company’s security concerns
• Fail (0 to 2.4): Your solution did not fulfill aspects of company’s security concerns

Relevance of your architectures and designs to business requirements and use cases (5%)
• High Distinction (4.3 to 5): Demonstrate all related requirements for your solution in higher level.
• Distinction (3.8 to 4.2): Demonstrate most of related requirements for your solution in acceptable level
• Credit (3.3 to 3.7): Demonstrate related requirements for your solution in acceptable level
• Pass (2.5 to 3.2): Demonstrate some requirements for your solution
• Fail (0 to 2.4): Demonstrate did not fulfill requirements for your solution

Critical Elements (5%)
• High Distinction (4.3 to 5): The written work shows great depth of thought, excellent development of argument, logical analysis and insight into the subject.
• Distinction (3.8 to 4.2): The written work shows some evidence of analysis, supported by logical argument and insight into the subject.
• Credit (3.3 to 3.7): The written work shows evidence of elementary analysis and the development of argument.
• Pass (2.5 to 3.2): The written work is mainly descriptive, showing basic understanding of the topic.
• Fail (0 to 2.4): The written work demonstrates limited understanding of the topic.

Structure, Language and References (5%)
• High Distinction: All aspects of the written work conform to a high academic / professional standard. Cited references
• Distinction: Most aspects of the written work conform to a high academic / professional standard. Cited references
• Credit: Most aspects of the written work conform to an acceptable