IT Security Solutions for Ruskin College and Eagles Hospital

Quantitative Risk Assessment for Ruskin College

Whilst your target audience has some level of IT knowledge, they have employed you as the subject expert. Answers to each question should be provided at a level of technical detail sufficient to that target audience in the given scenario. You should apply the knowledge gained from the lectures, and compliment this with your own research in order to demonstrate an understanding of the subject material, explaining the technology and how it applies to the context of the given scenario, providing suitable examples where appropriate.

Question 1:

You have just started a new role as a security specialist at Ruskin College. The college consists of 5 buildings with over 200 members of staff, 2000 students and more than 1000 terminals across 5 computer labs, library and staff workstations as well as one large datacentre including several servers, routers and switches, and network-attached storages. You are responsible for safeguarding and protecting sensitive personal information and digital corporate assets. Also, you must provide solutions to maintain and promote organization digital security infrastructure and security awareness.

• Please answer the following questions:

A. As your first task, you have been asked to perform a quantitative risk assessment for Ruskin College. Describe the steps you must take to conduct the risk assessment. Use your creativity to elaborate the details on the college’s digital assets and their value.

B. To promote convenience and improve availability, students are allowed to use their personal devices to connect to the college network, eLearning and email system and while instructors  and staff are mandated to access the college network, eLearning and email system only through highly regulated and secured university computers. This makes total sense since instructors and staff have higher privileges in the system, a security breach in staff or instructor machines might have catastrophic consequences and jeopardize system integrity.

That being said, the instructors' Outlook emails are being routinely hit by Klez, a type of worm that propagates via e-mail. Klez uses Microsoft Outlook to spread. It grabs a contact name from the address book, and it uses that name in the email header and then propagates itself  to all the people in the address book. When one of the victims executes the malicious file, theworm attempts to disable the antivirus software and spread itself to other systems. Doing so opens the system to an attack from other viruses.

• Describe, how college access security policies contribute to this issue?

• Describe, how can you mitigate this issue with minimum effect to student’s freedom of access?

• Describe the security threats and attacks that college could face with its current access policy?

C. You have been asked to develop a recovery plan for the college infrastructure in case of a disaster or critical failure. Describe, what options do you have and how  these options can safeguard college assets and infrastructure?

D. To further promote the security, you’ve been assigned to implement a private CA structure

 for your organization. Ruskin College has seven other large branches and facilities throughout the country and continuity of secure access to college services is extremely important. How would you go about implementing this CA structure? Explain your solution.

E. Describe how cryptography can support the core security principles (CIA AAA) in Ruskin College?

Question 2:

You have just started a new job at Eagles hospital as a security consultant. Eagles hospital has hired over 500 new people during the last year which raises a concern about the security awareness of the new hospital personnel. As your first task, you have been asked to promote the security awareness of the hospital personnel by briefing your colleagues on the computer misuse Act and some other training workshops.

You should produce a briefing report comprising:

• Outlines Computer misuse offenses under misuse Act with real-world examples that surround your organization (Hospital).

• Describes how it safeguards digital security in a hospital environment.

• Describes the consequences of breaking the Act.

Question 3:

You have switched your job once again and this time you are working as a security specialist in a software development company. The company has recently signed a new contact with some private  bank to develop a whole new highly secure banking software to handle financial transactions, customers' financial records as well as online banking.

Your first task is to make sure all developments in this project are secure and meet software secure principles and guidelines.

• Create a secure coding checklist for the various component of the banking software by adopting the OWASP secure coding practices.

• Using the OWASP Top 10 security concerns, identifies five different attacks that banking software applications might be vulnerable to.

• lack of referencing in the text

• divergence from Harvard referencing style