Computer Security for Need4Help Charity

Learning Outcomes tested in this assessment

This assignment will assess the following learning outcomes:   

1. Demonstrate critical understanding of the theoretical underpinning of computer security elements and countermeasures.
2. Critically evaluate current security issues and industry standards.
3. Demonstrate critical understanding of defence in depth and hardening the system concepts.
4. Critically analyse the main goal of access control systems in computer systems and apply techniques to support message confidentiality, authentication and integrity.
5. Critically appraise social, ethical and legal considerations in computer security.

A Cyber Security Breaches Survey 2019 released by Department for Digital, Culture, Media and Sport reveals that Cyber-attacks are persistent threat to businesses and charities. The statistical release of this survey shows 32% (one third) of businesses and 22% of charities (two in 10) reported to be victim of Cyber Security breaches in last one year. These figures accumulate to 52% of the incidents, which are higher than the last year incidents among the medium size business and charities. Phishing and malwares are reported to be major reasons behind breaches and cyber-attacks. Whereas Crime Survey for England and Wales (CSEW) and office of National Statistics in UK have reported spread of viruses and other malware software and phishing as Computer misuse crime. The survey further suggests the need for better security controls to mitigate such computer security breaches, so small business and charities can avoid any rising financial implications as a result of compliance and also bad publicity, which could result in serious implications to their business continuity.

Need4Help is a UK based charity, which helps people fight poverty around the world. Currently, the organisation has London based office only where 20 volunteers work in different shifts and use computers to register personal information related to people who donates and those who need help. These computers are shard by different staff members and are connected to Local Area Network for data sharing and Internet for email communication. The organisation understands the significance of the cyber security threats and want to ensure their computers are secure enough and maintain Confidentiality, Integrity and Availability (CIA) of critical data they hold.

Your task is to provide a report providing critical evaluation of computer security elements necessary to address CIA of computer security, latest cyber security challenges and its countermeasures, recommendation of framework for a given problem and provide understanding of user access control management to strengthen computer security in the context of given scenario.

Critically appraise 5 elements of computer security which could be potential risk for information as well as computer systems.  Discuss example of each and provide countermeasures in the context of Cyber Security to prevent these elements from any compromise for a given scenario.

Maintaining computer security involves implementing suitable preventative measures, detecting potential vulnerabilities, detecting possible threats, detecting compromised systems and handling incidents against cyber threats. However implementation of appropriate controls require in depth understanding of the business operations and the computers facilitating organisations objectives. Provide critical understanding of key Computer Security issues in given scenario using Threat Intelligence Concept.

Provide critical appraisal of most common cyber security frameworks available to protect computers against insider and outer Threat Actors. Also provide rationale of the choice considered for a given context.

Every organisation need to have robust processes in place to strengthen the security of their computer systems by implementing user control access management for its users. If users are provided with unnecessary system privileges or data access rights, then the impact of misuse or compromise of that users account will be more severe than it need be. The concept of least privileges is a fundamental computer security principle to safeguard computers against any escalation of privileges.

Your task is to explore different objects available in Active directory for User Account Management. Implement identity and access management controls to improve the computer security. Walk through snippets with some commentary should be required to demonstrate understanding of Active Directory (AD) installation steps, understanding of AD default Groups and Users, Securing Administrative Accounts, Investigating Group Policy and Configuring Users & Groups with explanation of how it can be an effective solution to a given problem to avoid any future security breach.

Critically explain the code of conduct required for an IT professional relating to social, ethical and legal considerations in computer security domain