IT Security Management Assignment Solutions - Workshops 1-12

Verified

Added on 2023/01/10

AI Summary

This document presents a comprehensive solution to an IT Security Management assignment, encompassing detailed responses to workshops and case studies. The assignment covers a wide range of topics, including the application of the CNSS model and McCumber Cube for information protection, analysis of the Australian Privacy Principles, and the implications of the Assistance and Access Act. It delves into physical security measures, risk assessments, and the development of IT security policies. The assignment also includes a case study on John Dough Pizza, analyzing its security management issues, compliance with ISM, and incident response strategies. Furthermore, the document explores job hunting websites, required qualifications, and the role of AI, data lakes, and blockchain in cybersecurity. The solutions provided offer insights into secured software development and the defense against trespassing, along with asset identification and incident management.

IT Security
Management

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
Workshop 1......................................................................................................................................1
Exercise 1.........................................................................................................................................1
Brief statement for addressing 27 cells of CNSS model........................................................1
Exercise 2.........................................................................................................................................3
Impact if information in system is compromised...................................................................3
Workshop 2......................................................................................................................................4
Exercise 1.........................................................................................................................................4
Brief statements for producing whether firm needs new policies in context of new Assistance
and Access law.......................................................................................................................4
If Technical Assistance Request is provided to intercept message, will you comply it.........4
Compare technical assistance request, technical capability notice and technical assistance
notice......................................................................................................................................4
Which needs to have quick actions by firm............................................................................5
Exercise 2.........................................................................................................................................5
Choose 3 principles from Australian Privacy Principles for on-line game that are utilised by
school children........................................................................................................................5
Exercise 3.........................................................................................................................................6
Approaches for improvisation of staff awareness..................................................................6
Workshop 3......................................................................................................................................6
1. Define physical security................................................................................................6
2. List issues that can take place while managing physical security of art gallery...........6
a. Creation of 5 issues.......................................................................................................6
3. Carry out risk assessment for issue identified...............................................................7
a. Probable risks associated with issue.............................................................................7
4. Legal & ethical issues while developing new policies.................................................7
a. Concerns related with legal as well as ethical concerns...............................................7
5. Develop physical security policies................................................................................7
6. Formulate structure of policy document from SANS policies......................................8
1. Illustrate new security policies......................................................................................8

a. Specify policy name......................................................................................................8
b. What is policy based on................................................................................................8
c. How much existent policies can be reused...................................................................8
d. Risks that will be addressed by policy..........................................................................8
e. Success of policy...........................................................................................................8
Discuss that IT security policies taken are enough that can be adapted within distinct security
environment............................................................................................................................9
Workshop 4......................................................................................................................................9
2. Identification of peculiar security management issues that prevails in JOHN DOUGH9
3. Identify types of controls within chapter....................................................................10
4. Statement that summarizes current levels for compliance with Government.............10
5. What immediate action is required by JOHN DOUGH to improvise security...........10
The controls illustrated are reasonable for business or they overkill...................................11
How firm can comply with ISM...........................................................................................11
How to prove compliance with ISM....................................................................................11
Workshop 5....................................................................................................................................12
1. By usage of internet identify job hunting website......................................................12
There are various websites which are being utilized by individuals for identification of
appropriate job as per their qualification. They are: Adzuna, CareerOne, CareerJet, Gumtree,
Indeed Australia, JobActive powered by JobSearch, GradConnection, Job Seeker and many
more that aids people to have jobs as per their requirements. There are various job roles with
reference to IT and individuals can apply for them as per their qualifications....................12
2. List 10 titles which are advertised...............................................................................12
3. Identify qualification needed for job...........................................................................12
A, b, c Qualification, desired or mandatory and Industry certification or degree................12
4. Rank the qualification.................................................................................................14
5. Identification of 3 required industry certification.......................................................14
6. Write description of ideal candidate...........................................................................15
1. Identify role that has to be fulfilled.............................................................................15
a. Specify role of title......................................................................................................15
2. Illustrate what other firms are doing in reference to needs of role with identical title15

3. Qualification that is expected......................................................................................15
4. Explicate ideal Job in context of job advertisement read............................................16
Workshop 7....................................................................................................................................16
1. List IT security programme for evaluation. List 5organisation and programmes
identified...............................................................................................................................16
2, 3. Identification of goals of programme and Illustrate 5 words for programme..............16
4. Illustrate one programme in depth..............................................................................18
5. Evaluate programme...................................................................................................18
1. Write introduction on IT security programme that is being examined.......................19
2. Goals of programme....................................................................................................19
3. Why programme is evaluated.....................................................................................19
4. Create a logic map for programme.............................................................................19
5. Formulate evaluation questions..................................................................................20
6. Write short statements.................................................................................................20
Discussions....................................................................................................................................21
What questions would assist within evaluation of IT security programmes........................21
Illustrate difficulties encountered while carrying out research on IT security programmes 21
Workshop 8....................................................................................................................................22
Identify ways in which secured software development assist John Dough Pizza................22
Workshop 9....................................................................................................................................22
Task 1: What kind of devices will be used for defending trespassing?................................22
Task 2: Why halon-based fire technologies are not helpful?...............................................23
Task 3: How fire triangle is adequate within IT security.....................................................23
Workshop 11..................................................................................................................................24
1. Illustrate 5 assets for John Dough Pizza.....................................................................24
2. Specify major incident that create influence on asset.................................................24
3. Illustrate impact of incident........................................................................................25
4. Take into account “incident response actions” if incidence takes place:....................25
a. How to recognise that incident is taking place...........................................................25
b. Illustrate steps that can be taken when incident takes place.......................................26
c. Specify steps needed for recovering incident.............................................................26

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

5 How incident reports will decline the influence to asset............................................26
6 Specify 3 steps that can lead to minimise influence of incident.................................26
Discussion......................................................................................................................................27
Specify incident along with overview of response actions..................................................27
How effectively incident response plan diminish influence of JOHN DOUGH..................27
Workshop 12..................................................................................................................................27
1. Role of AI in cyber security........................................................................................27
2. Role of data lakes in cyber eco-system.......................................................................28
3. Key challenges within deployment of blockchain......................................................28
4. Will you prefer edge computing above cloud.............................................................28
References......................................................................................................................................30

Workshop 1
Exercise 1
Brief statement for addressing 27 cells of CNSS model
McCumber Cube also referred to as cybersecurity cube which is developed for
management of protecting domain, internet and network. This has three dimensions which are
based on information security, states of information and identification of expertise needed for
protection (Brunner, Mussmann and Breu, 2019). The 27 cells of cube are specified below:
1. Confidentiality/Policy/Storage: This can be attained by formulation of policies assist
students within having access to peculiar course content and access their own
information, grades and class work.
2. Confidentiality/Policy/Processing: Develop policies through which students can alter
their confidential data like user ID, password, user profile and many more aspects.
3. Confidentiality/Policy/Transmission: This involves policy that will restrict uploading as
well as downloading of personal documents and class work for peculiar authorized users
along with professor.
4. Confidentiality/Education/Storage: It has to be ensured that students go via orientation
that will teach them the ways they can secure their information by keeping their
credentials with them only (Chen and Zhu, 2019).
5. Confidentiality/Education/Processing: Educating professor and student related with
their confidential data private so that third person do not access or can alter the work.
6. Confidentiality/Education/Transmission: Illustrating students the ways in which they can
upload and download information from class as well as ensure that any kind of sensitive
information is not uploaded like assignment solution is not uploaded in discussion forum.
7. Confidentiality/Technology/Storage: Adequate security like firewall aids registered
professors and students for accessing class documents and data within peculiar access
ports.
8. Confidentiality/Technology/Processing: Ensuring that virus protection and firewall
assist professors and students within altering their personal information like profile and
User ID (Cockcroft, 2020).
1

9. Confidentiality/Technology/Transmission: Malware software and virus runs scans on all
the information that has been uploaded on canvas servers.
10. Integrity/Policy/Storage: Creation of policies will lead to ensure that each users information
cannot be altered by third person intentionally or unintentionally (Dotsenko and et. al,
2019). Only peculiar users will be rendered access to it.
11. Integrity/Policy/Processing: Formulation of policies that will lead them to ensure that
users need to follow certain format when altering personal information like password.
12. Integrity/Policy/Transmission: Creation of rules which will assist authorized users for
making changes within personal information into canvas site.
13. Integrity/Education/Storage: Educating professors and students with reference to ways
in which they cannot cause any security issues while storage of information.
14. Integrity/Education/Processing: This involves educating people with reference to what,
how and where alterations can be made within canvas environment.
15. Integrity/Education/Transmission: This involves that while transmitting information
integrity is maintained and is not altered by intruder.
16. Integrity/Technology/Storage: Setting up technology through which all the uploaded
files within canvas site are complete and cannot be modified when uploaded (Dotsenko
and et. al, 2019).
17. Integrity/Technology/Processing: It has to be ensured that firewall allow alteration to
class data when it is required like being able to make post when it is needed.
18. Integrity/Technology/Transmission: Setting up installed technologies so that entire data
which is transmitted is attained completely.
19. Availability/Policy/Storage: Policies needed to enact so that information which is stored
within can be accessed by everyone in class but each must have their own credentials and a
peculiar format agreed upon.
20. Availability/Policy/Processing: Policies are liable for restricting editing of information
for enrolled professors and students.
21. Availability/Policy/Transmission: Creation of policies which will ensure that data is
being available for authorized users and they can only make downloads as well as make
upload when needed (Gangawane and et. al, 2019).
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

22. Availability/Education/Storage: Educate each professor and student related with how
and where information can be stored as well as accessed whenever this is needed.
Furthermore, they should not allow others to access their information.
23. Availability/Education/Processing:Students and teachers must be educated with respect
to ways in which they can change their information by making use of relevant
authorization and its availability (Gutta, 2019).
24. Availability/Education/Transmission: Adequate knowledge must be imparted to entities so
that they can transmit information to relevant areas and even do not cause any serious issues
accidentally.
25. Availability/Technology/Storage: This involves ensuring that technologies for setup that
will assist authorized users for having access to relevant information as per requirements.
26. Availability/Technology/Processing: Technology can be set up through which authorized
individuals like professors and students can alter their private information at any instance
of time.
27. Availability/Technology/Transmission: This involves ensuring that technology is being
installed that will not restrict authorized users from having access to downloads as well as
uploaded documents within the class site (Huang and et. al, 2019).
Exercise 2
Impact if information in system is compromised
This has been experienced by me and found that identity theft is a serious that has to be
taken into consideration. Identity theft is defined as fraudulent practice that involves making use
of name of other person and their personal information in order to have certain credits or carry
out any unauthorised practices. I have kept lots of personal information like some projects,
private photographs and office information but this will not be difficult for third person to steal
identity if they are able to get access within the system. Identity theft is one of the most serious
issues but a nightmare for dealing within context of social security issues. In case if information
present within my personal computer is compromised due to loss of credentials then someone
else can have access to my assignments and can pretend to be there by downloading them (Iwai
and et. al, 2020). In addition to this, if data within hard drive occurs then and it fails, in case if
3

there is no backup then i will lose my hard work for which I have given time. Furthermore,
memories will also be lost and everything that is present within the system.
Workshop 2
Exercise 1
Brief statements for producing whether firm needs new policies in context of new Assistance and
Access law
New policies can be introduced by CISO and CTO with reference to new law as it has
brought in some major reforms that will assist agencies within having intelligence as well as
evidence that they may aid them within delivering their operations. This involves enhancement
within industry cooperation law enforcement as well as security agencies (Jin and Wang, 2019).
It will also improvise computer access powers. This will assist
awesomeonlinegamethatkidslove.com to have surveillance activities that will enable them to
amplify the security levels related with activities carried out by them. It will enable them to have
enhanced obligations of business by rendering adequate interaction to services that will assist
agencies.
If Technical Assistance Request is provided to intercept message, will you comply it
When any TAR is provided then depending upon the situations that are being
experienced by business then it can be complied with. It will enable business to have civil
immunity with respect to services carried out by them with adequate assistance. The civil
immunity will be provided to them in case they comply with request as assistance.
Compare technical assistance request, technical capability notice and technical assistance notice
The voluntary request that is being issued from head of interception agency, ASIO
(Australian Security Intelligence Organisation), ASD (Australian Signals Directorate) or ASIS
(Australian Secret Intelligence Agency) for prescribed purpose is referred to as TAR (technical
assistance request).
Technical assistance notice denotes a compulsory notice that is being issued via ASIO or
head of interception agency, if a communication provider is requested to render assistance if
there capabilities permit them to do so (Johnson and et. al, 2020). With reference to this, provider
needs not to develop capabilities which are not possessed by them for complying with TAN.
4

Technical capability notice is being issued as a compulsory order jointly by Minister for
Communication and Attorney General, at request of ASIO. In case any provider is requested to
render assistance with reference to TCN then they must provide relevant assistance that
comprises of formulation of capabilities for providing adequate services.
Which needs to have quick actions by firm
Both TCN and TAN needs quick actions as it involves compulsory orders to which
communication providers have to comply to (Karimi and Peikar, 2019). But with reference to
TCN it becomes a time consuming process as in this case capabilities have to be developed that
will utilised for rendering assistance.
Exercise 2
Choose 3 principles from Australian Privacy Principles for on-line game that are utilised by
school children
There are 13 principles which can be utilised as per the requirements and to ensure the
security of information. With reference to on-line game, they are specified below:
 Open and transparent management of personal information (APP 1): This is liable for
outlining requirements of APP entity for management of their personal information.
With reference to this, entity is liable for taking up reasonable steps for execution of
practices, systems and procedures. The entity must have up to date APP with reference
to ways in which personal information is being managed by them.
 Collection of solicited personal information (APP3): This is liable for collecting
solicited personal information. The entity can only have information in case it is
reasonably crucial or is directly associated with activities or functionalities of
organization (Kaušpadienė, Ramanauskaitė and Čenys, 2019). The sensitive information
can be only gathered if the specification illustrated above is met and precise consent
from individual is attained. This must be collected in fair and lawful manner.
 Security of personal information (APP 11): The entity needs to take relevant and
reasonable steps for protecting personal information that is being possessed by them
from any kind of interference, loss misuse, unauthorized access disclosure or
modification. With reference to this, entity need to make sure that information is de-
identified (Sennewald and Baillie, 2020).
5

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Exercise 3
Approaches for improvisation of staff awareness
Employees are greatest assets as well as risk within each organisation in context of cyber
security. One intentional or unintentional click by staff member can destroy entire network.
Thereby improvisation of staff awareness is essential and must be a priority for each firm
(Subramanian, Neelakanteshwar and Purushothaman, 2020). Some of the approaches as per
ACSC site are mentioned beneath:
 Promotion of processes and documentation
 Designing a program
 Utilizes examples to illustrate risk caused by any particular activity of staff
 Keep it adequate
 Board level buy in
 Involve employees and get competitive
 Promote safe behavior towards customers
 Extension of training to suppliers
 Measure the outcome.
Workshop 3
1. Define physical security
The protection of physical assets, property and people from actions as well as events that
can lead to loss or damage is referred to as physical security. This involves networks, data,
hardware and software from any kind of loss (Turel, Xu and Guo, 2020). It also comprises of
protecting firm or agency from vandalism, natural disaster, fire, terrorism, theft and burglary.
2. List issues that can take place while managing physical security of art gallery
a. Creation of 5 issues
The art gallery is vulnerable to following physical security issues, they are mentioned
below:
 Unauthorized access to storeroom
 Accidental damage of art work
 Weak control over keys
6

 Lack of reports
 Inadequate passwords within system to prevent loss
3. Carry out risk assessment for issue identified
The major risk upon which art gallery need to think on is inadequate passwords in
their system.
a. Probable risks associated with issue
Within each organisation there are some aspects in terms of private or confidential
information like employee’s details, customers information, strategies, stakes, stakeholders,
financial assets and many more which adds value to ways in which operations are being carried
out by art gallery (Wang, Che and Jing, 2019). But in case if this information is compromised
then what impact will it have on their functions. For an example, if third person get access to
their information then there is higher probability that they will misuse this. Thus, it is important
to acknowledge that they have strong passwords in their system so that it becomes difficult for
intruder to access their confidential information.
4. Legal & ethical issues while developing new policies
The legal aspects associated with issue are that personal information about company or
their assets must not be compromised due to the mistakes of organisation or due to internal
personnel. The ethics comprises of right and wrong which must be taken into consideration while
formulation of policies (Killer, Rodrigues and Stiller, 2019). An example can be taken to
understand this aspect like if weak passwords like admin or name of person is used then it will be
not a difficult task to get into the system of art gallery.
a. Concerns related with legal as well as ethical concerns
These issues can be controlled by opting for usage of precise and adequate security
policies that will assist to minimise overall impact which will be created. Legal and ethical
aspects have to be taken into consideration by art gallery to ensure that their information is not
vulnerable to any external or internal threats. The major concern is hacking, identity theft and
malicious attacks which can take place due to weak passwords easily.
5. Develop physical security policies
Systems are vulnerable to attacks which make it important to assess vulnerabilities that
have to be remediated (Kirti and et. al, 2020). The purpose of policy is to illustrate assessments
7