it is like an report and questions starts at bottom of pdf from case study
ICTNWK513 – Manage System Security ASSESSMENT TASK 1 Analyse Threats to the System & Determine Risk Category ICT50118 Diploma of Information Technology ASSESSMENT ACTIVITY 1 COVER SHEET Please ensure this form is fully completed prior to submitting. This page should be on the front of your assessment and needs to be easily accessible. Student Number: Student Name: Subject: ICTNWK513 Manage System Security Course: ICT50118 Diploma of Information Technology STUDENT DECLARATION I hereby certify that: 1. This assessment task is my own work based on my personal study/research and not the work of another student and/or source. 1. I have acknowledged all material and sources used to prepare this assessment task. 1. I have not plagiarised or copied any part of this assessment task from the work of any other student or source either. (I know the penalties for plagiarism include $200 re-assessment fee) 1. This assessment task has not previously been submitted. 1. I am aware of the requirements set by my Trainer & Assessor. 1. I have retained a copy of this assessment task for my own records. 1. I have completed all my assessments, tasks & activities (on Moodle®) successfully. Student’s Signature: _______________________________ Date: ___________ Student instructions This assessment must be based on where you work (or have worked most recently). This Assessment is designed to test the knowledge that you have acquired throughout the unit. Use the following tips to help you answer the questions: Read each question carefully. Check with your trainer or assessor if you are not sure what the question is asking. HINT: Use these questions as subheadings to create a business style report to answer your assessment Your response to each question should aim to provide enough information to answer the question. In most cases, this can be done with just a few paragraphs. Don’t forget to refer to attachments under the heading (question) applicable, e.g. ‘See attached email’. Important: Your assessment must contain this coversheet and your own coversheet (for your “report”) Your answers & assessment submission must professional in style (Business), content and format. Maximum font size 11 points: Font Arial or Times New Roman; single spacing; clear paragraphs with appropriate punctuation, spellchecking and final submission will need to be proof-read. (i.e. few missing words or typo’s) In particular: - Use clear, non-discriminatory language - Avoid the use of jargon - Write clearly using plain English - Consider your target audience - Ensure that your responses meet the needs of the target audience (in this case your trainer or assessor). All of your work must be original. Performance Evidence Evidence of the ability to: implement and manage security functions on a system conduct risk assessment set up effective controls to manage risk develop security plan and security recovery plan monitor risks and controls review risk analysis process. Knowledge Evidence To complete the unit requirements safely and effectively, the individual must: summarise the general features of specific security technologies describe risk analysis techniques, with a focus on their general features, and depth in security procedures describe the common security requirements of a client’s organisation, including: · threats · security techniques and technologies outline systems management and process control in relation to security explain systems technologies, including a broad summary of their general features and capabilities. Assessment Conditions Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to: a site where system security may be implemented and managed use of utility tools currently used in industry organisational security policies manufacturer recommendations security standards Assessors must satisfy NVR/AQTF assessor requirements. Marking and Criteria guide: Assessor and student must read this carefully before assessment. · All parts of the assessment must be completed successfully in accordance with the guidance provided in the Marking guide for the student to achieve competence in this unit. · Students & assessors must note that professionally critical aspects/concepts must be included (e.g. answer questions to gather knowledge on the development of a website program). · All parts (criteria) in the marking guide must be completed successfully for the student to achieve competence in this unit Practical Checklist Assessor to complete: Observation/assessment Satisfactory/ not Satisfactory Comments Pre-assessment work completed ASSESSMENT 1 Activity – Analyse Threats to the System and Determine Risk Category 1. The student has evaluated the organisation’s system discussed its validity as an online education system (minimum 100 words) Add Scale 2. The student has described the following potential risks at WIN i. Hardware failure etc. Add Scale ii. Physical security (physical intrusion and Bomb threats) Add Scale iii. Cyber-attack (eavesdropping, penetration, viruses) Add Scale iv. Denial of service (DoS attacks, smurf attacks) Add Scale v. Espionage (privilege escalation etc.) Add Scale 3. The student has described human interactions with the system and identified any potential risk from the WIN case scenario. Add Scale 4. The student has categorised risks based on likelihood and consequences Add Scale 5. The student has matched the control to risk based on its categories and resource requirements Add Scale Practical Checklist Assessor to complete: Did you observe the student? Choose an item. Further comments required Assessor Comments ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ Resubmission required - Choose an item. Date resubmission must be handed in: ________________________ Assessor’s name and signature: _______________________________ Date: 20 July 2020 Case Study You are a technical manager at Wentworth Institute (WIN). WIN is offering online courses in Project Management and Information Technology. Recently WIN has become a victim of malicious attack from a group of hackers. The hackers used distributed denial of service (DDoS) attack to disable the WIN web services, which resulted in: 1. The learning website not available for two days in a row (in two separate occasions) 2. Student files missing which were not backed up properly 3. Severely tarnished reputation in the education industry The directors of WIN were stunned, and they invited your team of IT security professional. They are asking for a robust risk management solution for WIN. The directors are determined not to suffer any such business loss due to lack of risk control. On arrival, you have conducted an audit of their current system; and you have found: · Online course was running on a single dedicated remoted web server (hosted by www.bluehost.com located in Western Region of USA) · The web server was running on Linux · The learning platform was using Moodle with PHP · The web server was running on limited RAM (shared with other applications) · The webserver had MySQL · There was no redundant server · There was no automated backup system for the server · The admin username was very simple to be shared by multiple people (e.g. admin1234) · All admin persons shared same super-admin username and password · There was no option for accountability and separation of privileges · Students could only access online web interface · Teachers could access internal database from home computer over Internet (with no VPN) · The web system did not have firewall or DMZ placed · The web site had static IP address for permanent online presence · In case of attacks, the call from hosting company was directed to the landline phone at the college – no one would be available to take the call on evenings and weekends · Due to marketing purpose, the website is under the control of sales team. The sales team manager oversees any website-related issue · The technical manager only acts as the 3rd level support after the sales team responding to the hosting company (on behalf of the college) · The academic manager oversees Moodle access control as he controls the student and staff logins to the Moodle system · The college is new; and there is no IT policy or procedure to respond to disasters You have decided to address the above conditions. The directors will consider your report for a new risk management plan. Your task, as the leader of IT security team, is to write a report to: · describe all possible future threats to the business, · identify all critical business elements for business · report possible resolutions to manage risks Activity 1 – Analyse Threats to the System 1. Evaluate the organisation’s system and discuss its validity as an online education system (minimum 100 words) 1. Describe the following potential risks at WIN – conduct a risk analysis i. Hardware failure etc. (minimum 50 words) ii. Physical security (physical intrusion and Bomb threats) (minimum 50 words) iii. Cyber-attack (eavesdropping, penetration, viruses) (minimum 50 words) iv. Denial of service (DoS attacks, smurf attacks) (minimum 50 words) v. Espionage (privilege escalation etc.) (minimum 50 words) 1. Describe human interactions with the system and identify any potential risk from the case scenario. 1. Categorise the risks found in point 2 and point 3 above, based on likelihood and consequences. Use the following matrix. 1. Match the control to risk based on its categories and resource requirements Likelihood Consequences Insignificant Minor Moderate Major Catastrophic Certain Likely Moderate Unlikely Rare d:\work\wentworth institute\training\dip of ict\term 1\1. bsbsus501\assessments\develop workplace policy sustainability a1 v07122019_03.docx Page 1 of 4 d:\work\wentworth institute\training\dip of ict\term 4\2. ictnwk513\assessment\manage system security a1 160620_v02.docx Page 9 of 10 ICTNWK513 – Manage System Security ASSESSMENT TASK 2 Identify and Include Appropriate Controls ICT50118 Diploma of Information Technology ASSESSMENT ACTIVITY 2 COVER SHEET Please ensure this form is fully completed prior to submitting. This page should be on the front of your assessment and needs to be easily accessible. Student Number: Student Name: Subject: ICTNWK513 Manage System Security Course: ICT50118 Diploma of Information Technology STUDENT DECLARATION I hereby certify that: 1. This assessment task is my own work based on my personal study/research and not the work of another student and/or source. 1. I have acknowledged all material and sources used to prepare this assessment task. 1. I have not plagiarised or copied any part of this assessment task from the work of any other student or source either. (I know the penalties for plagiarism include $200 re-assessment fee) 1. This assessment task has not previously been submitted. 1. I am aware of the requirements set by my Trainer & Assessor. 1. I have retained a copy of this assessment task for my own records. 1. I have completed all my assessments, tasks & activities (on Moodle®) successfully. Student’s Signature: _______________________________ Date: ___________ Student instructions This assessment must be based on where you work (or have worked most recently). This Assessment is designed to test the knowledge that you have acquired throughout the unit. Use the following tips to help you answer the questions: Read each question carefully. Check with your trainer or assessor if you are not sure what the