Module on Information Security Threats to Computer Networks and Management Information Systems

Learning Outcomes

On successful completion of this module students will be able to:

1. Identify and critically analyse information security threats to computer networks and management information systems. (management of information systems | Managing information systems)

2. Critically evaluate the range of effective security controls used to protect system and user data.

3. Synthesize solutions to security problems through effective information security governance.

4. Create understanding of professional, social, ethical and legal issues associated with cyber security.

Attempt all the following tasks set in the assignment. Marks are provided in order to produce a documented system that meets the requirements as specified below. Please specify the task number in your assignment.

Task 1: Security vulnerabilities

You are an Information Security officer working on TechnoIT Limited. You have been informed of some vulnerabilities in your company's web server. These can be seen in the following table:

·Web application vulnerabilities to cross-site-scripting vulnerabilities

·Missing authorisation

·Download of codes without integrity checks

·User ID and Password not case sensitive

·Buffer overflow

a.Give a detailed explanation of how each vulnerability from the above list can be exploited and give recommendations on what should be done against each of them.

b.You have been told that one of your application has a "SQL injection" vulnerability. With the use of an example, explain what these vulnerabilities might be and how it could compromise the security within your organisation.

Task 2: Security tools/Techniques                                 

You are an Information Security officer working on TechnoIT Limited. The managing director calls you one day; he looks concerned and says "The festivities will soon be upon us and we have a new range of products ready for market. For operational reasons, all product files need to be kept on the local server for use by our managers. However, I fear our competitors will hire hackers to access our servers and steal or corrupt our files." The managing director outlines the need for three different methods of protections and requires expert opinion on a relevant technology for each.

a. For each of the following instances, choose a technology that would best serve the required need, describe its operation and justify your choice. Each instance should describe a different technology.                                    

i. Prevent hackers from finding a file. Evaluate and justify your answer using literature for the scenario above.

ii. Prevent hackers from reading a file. Evaluate and justify your answer using literature for the scenario above.

Task 1: Security vulnerabilities

iii. Enable alteration of a file by a hacker to be detected. Evaluate and justify your answer using literature for the scenario above.

b. For each of the three choices of technology discussed in (a) above, critically analyse how a hacker might attempt to counteract your protection.

Task 3: Social engineering and BCM

The 2018 information security breaches surveys reveal that in 2017, 13% of large companies found hackers penetrate their corporate defences, compared with 1% in 2016. The report, based on responses from more than 1,000 large companies, shows hackers are "using social engineering attacks to lure staff in insecure behaviour. Insiders have always been the biggest threat, so it is now essentials that boards improve security awareness and practice among staffs”. Can Business Continuity Management (BCM) is a solution to deal above breach scenario? [Computer Weekly April 2018]

a.Describe the two main methods employed by social engineers to 'lure staff into insecure behaviour'.                                                 

b.Give a detailed explanation BCM and its functions (purpose and benefits).                                                                              

c.What are the three types of backup sites that an organisation can use? Evaluate them with examples.

Task 4: Ethical hacking

1. With the aid of a diagram, outline the phases of ethical hacking steps.

2. The first step of hacking is also called Footprinting and information gathering Phase. Name the types of Footprinting and explain this by giving examples.

3. Using examples, discuss the different types of scanning.               

Task 5: Presentation, Report Layout and References

·All components of the assignment (text, diagrams. code etc.) must be submitted in ….one-word file (hand-written text or hand drawn diagrams are not acceptable), any other accompanied materials such as simulation file, code, etc. should be attached in appendices. 

·Standard and commonly used fonts such as Arial or Calibri should be used, font size must be within the range of 10 to 15 points including the headings, body text and any texts within diagrams, 

·Spacing should not be less than 1.5 

·Pay attention to the Assessment criteria / Marking scheme, the work is to be concise and technical. Try to analyse, compare and evaluate rather than simply describe.  

·All figures, screenshots, graphs and tables must be numbered and labelled. 

·The assignment should be logically structured, the core of the report may start by defining the problem / requirements, followed by the proposed solution including a detailed discussion, analysis and evaluation, leading to implementation and testing stage, finally a conclusion and/or personal reflection on learning. 

Task 2: Security tools/Techniques

·Screenshots without description / discussion does not constitute understanding and maybe assumed irrelevant. 

·Please access your Turnitin Test Page via Dashboard or My modules to learn more about Turnitin and to make a test submission and to check your similarity score before uploading your final version  

·You will have opportunity to submit as many times to your module pages as you want up until the deadline. 

·Make sure to make backup of your work to avoid distress for loss or damage of your original work, use multiple storage media (memory stick, cloud and personal computer). 

·Please note file size limitation might apply. You work must be under 100MB. 

·During the delivery of the module, you will have several opportunities to get formative feedback on your assessment during tutorials.  

·Although you will be guided throughout the module by your lecturer, you can get extra support for your assignment, just make an appointment with the ACE team for any language, research and study skills issues and/or talk, email the Computing ACE expert for any advice on how to approach your assignment. REMEMBER: they are not here to give you the answers! 

·Students will have access to formative feedback on each task set in workshops, thereby helping them to refine their approach to the summative tasks that have been set. 

· However, please note that this feedback is limited to recommendations on improving your work. Lecturers will not confirm any grades or marks.  

·The feedback can be one-to-one or in-group sessions.  

·Finally, you will receive summative feedback within 20 working days of your final submission. Please note that the summative feedback and the grades remain provisional until approval from the exam board. 

·Academic Integrity is a matter that is taken very seriously at the university and student should endeavour to enforce it to all their assignments. In other words, plagiarism, collusion (working and copying from another student) and ghost writing will not be tolerated and will result in sanctions eg: capped resit, suspension and/or withdrawal. Correct referencing demonstrates your academic and professional skill. It also reflects your academic honesty and thus to some degree protects you from cases of plagiarism. 

·You must write your assignment in your own words to demonstrate your understanding of the subject.  

·Material from external sources must be properly referenced and cited within the text using the Harvard referencing system, 

·You are required to follow the Roehampton Harvard referencing System. Please refer to Moodle for the latest version of the Roehampton Harvard referencing System or ask the library. 

·An accompanying list of references (on a separate page and in alphabetical order) must also be provided as part of your work.  

·Plagiarism: occurs when you present somebody else’s work as your own, whether that work is an idea, graphs, figure, illustration or a pure text. Be it available in web, textbooks, reports or otherwise.  

·Wholesale use of text and diagrams from websites is considered as plagiarism when not acknowledged.  

·Plagiarism will be dealt with firmly and can lead to serious consequences and disciplinary procedures.  

·Collusion: occurs when copying another student’s report (Text, Figures, Illustration etc..) and submitting it as your own.