Managing Insider Threats to Information Security

Learning Outcomes: Analyse and assess risk exposures of particular assets to particular threats

All material copied or amended from any source (e.g. internet, books) must be referenced correctly according to the reference style you are using.

Your work will be submitted for plagiarism checking.  Any attempt to bypass our plagiarism detection systems will be treated as a severe Assessment Offence.

·An electronic copy of your work for this coursework must be fully uploaded on the Deadline Date of   using the link on the coursework Moodle page for COMP1431.

·For this coursework you must submit a single PDF document.  In general, any text in the document must not be an image (i.e. must not be scanned) and would normally be generated from other documents (e.g. MS Office using "Save As .. PDF"). An exception to this is hand written mathematical notation, but when scanning do ensure the file size is not excessive.

·There are limits on the file size (see the relevant course Moodle page).

·Make sure that any files you upload are virus-free and not protected by a password or corrupted otherwise they will be treated as null submissions.

·Your work will not be printed in colour. Please ensure that any pages with colour are acceptable when printed in Black and White.

·You must NOT submit a paper copy of this coursework.

·All courseworks must be submitted as above. Under no circumstances can they be accepted by academic staff

Section 1: Introduction

What is this report all about, why has it been produced?

Section 2 : PAM Accounts

What exactly could be done with stolen ‘privileged and administrative accounts’?

Section 3 : Need-to-Know Data Access

What is meant by ‘strict need-to-know principles’? How could this be arranged?

Section 4 : Data Leakage

What measures should be put in place to protect against employees accessing or taking “confidential information from the workplace. ” Give five measures.

Section 5 : Repercussions in Public Domain

How might ‘Target, Morrisons and Korea Credit Bureau’ have lost out now that this knowledge of their breach of security is in the public domain?

Section 6: Insider Threats Audit

How might auditors help with keeping the ‘insider threats’ under control?

Section 7 : References and Appendices

List of references used and appendices included.

Assessment Criteria

Marks will be awarded as follows:-

1Introduction 5 marks

2Stolen Accounts 18 marks

3Need-to-Know 18 marks

4Confidential Information 18 marks

5Knowledge in Public Domain 18 marks

6Auditing 18 marks

·Poor referencing (especially of internet sources): word-for-word copies of sources must be shown in quotes and be referenced. Ideas that are not original to you must be properly attributed.

·Poor presentation:

oPoor quality of expression, spelling and grammar, referencing

oPoor Content: lacking original thought, research, integration of topics

oPoor Application of Taught Concepts

This coursework does not lend itself to copying from the internet or other published materials. You are reminded of the University’s policy on plagiarism and cheating and that any evidence of wrongful cutting and pasting of information sources will be passed to the Plagiarism Officer; you  may then be given a zero mark for this work.

The grades for the sections will be amalgamated into an overall grade for the entire coursework.

A:Professional piece of work with excellence in all given assessment criteria.

B:Professional piece of work good in all given assessment criteria, possibly excellent in some.

C:Professional piece but with some omissions/inaccuracies/inappropriate deductions.

D:Marginal Fail in academic assessment criteria lacking in thoroughness as professional report.

E:Definite  Fail as an academic exercise and not acceptable as a professional piece of work.

F:Fail: work that is unacceptable both academically and as a  professional piece.