COMP9721 Assessment 2, S1-2018
COMP9721- Enterprise Information Security
Assessment 2 – Contingency Planning
Semester 1, 2018
Details:
Title: Assessment 2 – Contingency Planning
Due Date: 5.00 PM (GMT+8) Friday, 4th May 2018
Value: 30% of the final mark for the topic
Length: Maximum of 2000 words (excluding cover page and references)
Purpose of this assignment:
The purpose of this assignment is to support the following Learning Outcomes (LO) for this
topic:
LO1: Understand the purpose and context of a range of typical business information
systems.
LO2: Understand the importance of securing the information of an organisation.
LO3: Recognise the security issues associated with the integration of various information
systems within an enterprise.
LO4: Understand the principles of computer security.
LO5: Analyse security risks and prepare information and computer security plans.
LO6: Prepare and present consultant's reports on aspects of computer security.
LO7: Critically analyse publications in the area of computer security.
The assessments in this topic follow on from one another (formative) across the three assessments.
This means that you will need to use the preceding assessment to complete the following one. For
instance, you will need the outcome from Assessment 1 to be able to complete Assessment 2, and
the outcome from Assessment 2 to complete Assessment 3.
Case Study:
Megacorp, a subsidiary of Generico Inc., have hired you to undertake a full risk assessment of
their current security posture as they prepare to move to operating on a multinational scale.
Megacorp currently processes and stores financial and client data in-house, with cloud
services for operational usage and productivity.
Staff work on Windows desktops, with an ad hoc patching cycle. There is also a backup system
for the legacy in-house Windows servers, although the details of how this is configured are
unknown as the System Administrator responsible for this process has recently left the
company and did not leave any documentation on this. Megacorp use an old storage room as
their server room, as the legacy software sometimes requires easy physical access to the
servers running them for maintenance. The office is open-plan, and staff are encouraged to
get up and move around during the day. The cloud system is used mainly for document
collection, although there is not a mandated service specified by the company.
Task:
Based upon your risk assessment and risk register from Assessment 1, you must now develop
contingency plans to complement the risk assessment. This assessment is designed to
demonstrate your ability to assess the potential impact of security incidents on a business
and to develop suitable contingency plans for managing the risks to the business.
The contingency planning document, based upon your risk assessment and risk register
from Assessment 1 should include:
- Impact Analysis of major threats
- Continuity Planning Measures, with respect to operations at the three organisational
levels:
  - Strategic
  - Tactical
  - Operational
Remember that this second assessment forms the basis for Assessment 3 and therefore
should be as complete as possible.
Report Requirements:
Must Contain
Cover/Title Page
This must contain the topic code and title, assignment title, your name
and student identification, due date.
Table of Contents
This must accurately reflect the content of your report and must be
generated automatically in Microsoft Word with page numbers.
Introduction
A brief outline of what the document includes, how it is structured, and
how you approached the contingency plan development.
Main content – Impact analysis and broad contingency plan areas
You should structure this under appropriate headings.
References
A list of end-text references formatted according to the Flinders APA
Referencing XXXXXXXXXXPDF 95KB) requirements. It is recommended that
Endnote is used to manage references. Your references should comprise
of books, journal articles, and conference papers.
http://www.flinders.edu.au/slc_files/Documents/Blue%20Guides/APA%20Referencing%20%282017%29.pdf
Format
This report should be no more than 2,000 words (excluding cover page,
references and diagrams) and labelled as
<studentid_your studentlastname_studentfirstname>.docx and should
be in a single file. Your assignments must be word-processed and the
diagrams be developed using graphics software (most word-processors
provide this facility). The text must be no smaller than 12pt and font
Times New Roman.
Marking Rubric:
30% Total = 30 marks
Assessment criteria | Maximum marks for this element | Student mark
Impact Analysis
Impacts follow risk assessment and asset(s) | 3 |
Impacts are realistic in scope | 5 |
Impacts focus upon business impact(s) | 5 |
Continuity Planning
BIA follows the risk analysis | 5 |
Plans are realistic in protection vs. asset value | 5 |
Justifications for protections are realistic | 2 |
RTO & RPO are realistic achievable | 3 |
Report
Layout & Readability | 0.5 |
Language Usage | 0.5 |
Content Covered | 0.5 |
Referencing | 0.5 |
Total mark | 30 (Maximum) |
Late submission:
As stated in the official Statement of Assessments Methods (S XXXXXXXXXXfor this topic, an
assessment submitted after the fixed or extended time for submission shall incur a penalty to
be calculated as 5% of the total mark for the assessment for each day, (or part thereof) up to
5 business days (Monday-Friday) it is late. After 5 days the assessment will be awarded a zero
(0) mark.
Academic Misconduct (Including Plagiarism):
Flinders University regards academic misconduct of any form as unacceptable. Academic
misconduct, which includes but is not limited to, plagiarism; unauthorised collaboration;
cheating in examinations; theft of other students’ work; collusion; inadequate and incorrect
referencing; will be dealt with in accordance with the Flinders Policy on Academic Integrity
Policy.
http://www.flinders.edu.au/academicintegrity/
http://www.flinders.edu.au/academicintegrity/student.cfm
Turnitin:
Turnitin is expected to be used for all assignments across the University. More information and links
to Turnitin can be found on FLO. It is recommended that you submit a draft of your work via the
Turnitin draft mechanism, to check it for errors in advance. Leave sufficient time for this process,
which can be up to 24 hours.
Extensions:
If you require an extension for submission, you may request one, on an individual basis through the
automated extension request tool located on FLO. This is in the ‘General’ section on the FLO topic
page.
As an idea of what should be considered a baseline, you can consider the following table for vulnerabilities/assets/weightings.
Things that should not happen:
· You hand me back this exact table. If this happens, you are committing plagiarism, and will be subject to the university academic misconduct policy.
· You fail to expand the table below as basis, if you just do your planning based upon only this table, you will fail the assignment.
· This table is not perfect and has issues. Apply some critical analysis, and see how you would improve it.
As always, any questions, 1-2-1 on FLO or book an appointment with me to go over it.
Asset | Asset relative value | Vulnerability | Loss frequency | Loss magnitude
Physical Servers | 100 | Unauthorized access to the room, Intruders, Denial of service, Memory corruption | 0.5 | 50.00
Software developed | 100 | Lack of patching cycle, test errors, compatibility errors, hacking | 0.1 | 10.00
Trade marks | 100 | Information Disclosure, incorrect classification | 0.1 | 10.00
Services information | 97 | Unintentionally malicious, | 0.2 | 19.40
Solution designs | 96.5 | Liable Flaws | 0.3 | 28.95
Project schedules | 93.5 | Financial Penalty Clauses | 0.4 | 37.40
Customer information | 93 | 3rd Party access | 0.5 | 46.50
Product information | 90 | Inventory tag failure | 0.5 | 45.00
Procedures | 90 | Out of Date | 0.3 | 27.00
Assessment 2 XXXXXXXXXXRohan Taneja
COMP9721- Enterprise Information Security
(Assessment 2 – Contingency Planning) Comment by Scott Anderson: Why brackets?
XXXXXXXXXXName: - Rohan Taneja
XXXXXXXXXXStudent Id: XXXXXXXXXX
XXXXXXXXXXFan Id: - tane0012
XXXXXXXXXXDue date: - 4th May, 2018
Executive Summary
Comment by Scott Anderson: This present to me the ‘elevator pitch’ or ’60 second explanation’ of the entire report, and not read like an introduction.
IT frameworks are considered as vulnerable against an assortment of interruptions,
that starts from mild like disk or power failure to serious like any