QUT SCIENCE AND ENGINEERING FACULTY IFN511 Security Management Semester 1 2019 Assessment Item 1:...

Question

QUT SCIENCE AND ENGINEERING FACULTY
IFN511 Security Management Semester 1 2019
Assessment Item 1: Report

1 Report Organisation

1.1 Working together
This is a group assessment task; your group for this task should have two members. You are free
to select your own group members from the IFN XXXXXXXXXXcohort. Important points to consider
when selecting group members are listed on the IFN511 Blackboard site, under the Assessment
section: ‘Assessment -> Assessment Item1: Report -> Forming a group for the report’.

Sign up to a group on the Blackboard site in the Assessment section. Students who have not
notified the unit coordinator of group details in Blackboard by the 18th April will be assumed to
e doing the assignment individually and allocated to a group of one by the unit coordinator.

1.2 Report Phases
There are two marking phases for this project: preliminary marking and final marking. 
1. (5%) Preliminary marking (28th April 2019): For this phase, your group needs to complete
the preliminary report form (available on Blackboard) and submit it via Blackboard.

At this stage, we do not expect your draft to be a polished report. However, you must be
able to demonstrate progress in locating resources relevant to your topic, recording
eference details and developing the content of your report. The tutors will provide
feedback on your progression.

2. (25%) Final marking: Your group should submit an electronic copy of your completed
eport for marking by the due date (2nd June XXXXXXXXXXSubmission for final marking is
through the blackboard site; look for the Turnitin submission link below the report
specification link.

1.3 Academic report writing:
An important aspect of this assessment task is locating relevant information, either in online
esources or in print media. However, it is important that the report is written in your own words.
Do not just 'cut and paste' or copy information from any source into your report: that is
considered plagiarism (a
each of academic integrity) and is not acceptable in Australian
universities. If this is detected, the Unit Coordinator is obliged to notify the Faculty Academic
Integrity Committee, and the penalties imposed may be severe (See the QUT MOPP for details).

A useful guide to referencing, citation and report writing is: http:
www.citewrite.qut.edu.au/.
The QUT li
arians are also willing to provide assistance; check the QUT Li
ary homepage for
links.
2 Background Information
Computers and networks are a vital part of the information systems of many organisations. We
depend on these information systems for the provision of services across all sectors of the
economy. However, vulnerabilities exist in these information systems: within information assets
such as the operating systems and application software, and with the people or procedures that
are employed. These vulnerabilities can be exploited by others and must be considered by the
organisation during the risk management process. Threats acting on these vulnerabilities can
esult in serious harm to organisational assets.

3 Assessment Task
Each group is required to write a report for an organization with a computer network connected
to the internet on one of the information security issues in the list below.

NOTE: The organisation that you write about in your report need not be an actual organisation,
it can be hypothetical. Write as if your group are information security consultants providing the
organisation’s executive with a report on an issue that they are concerned about.

For your report topic, choose one of the following topics:
1. Access by authorized third parties (such as vendors, consultants and contractors) to an
organisation's networks.
2. Employee use of personal devices for work purposes (BYOD) both at work and elsewhere.
3. Protecting the privacy of customers and employees with regards to the Australian Privacy
act as well as the General Data Protection Regulation (GDPR).
4. Addressing industrial espionage (including both internal and external parties).
5. Use of external cloud providers for essential business services such as storage, email or
web application hosting.

Your report should describe your hypothetical organisation and discuss the security issues
associated with the chosen topic in some detail, and the control measures that could be applied.
Your report must relate this specifically to the organisation you have chosen.

• Description of your hypothetical organisation: which industry sector, what
product/service it provides, the size and structure of the organisation (head office,
anches, numbers of employees & customers), the information assets of the
organisation.
• Discussion of security issues: clearly explain what the issue is, identified threats to the
organisations’ information assets, aspects of the organisations' information system that
are vulnerable and why, how these vulnerabilities could be exploited and the possible
outcomes if that exploitation occurs. Explain which information security goals may be
compromised (CIA). Where other organisations have experienced similar issues or attacks
previously, describe the attacks and the level of damage caused.
• Information security controls: explain the controls (technology, policy and practice,
education, training and awareness) available to address the identified issues. Which
controls are applicable to the organisation you are writing the report for? Give specific
ecommendations.

4 Report structure and format
Your report should be written in Word (you can save it and submit in PDF format), with a header
and footer on each page. Include student numbers and names of group members in the header,
and the unit code IFN511 and page number in the footer. Use 12-point font. The report should
have the following sections:

• Title page
• Abstract
• Table of contents
• Introduction
• Discussion
• Conclusion
• Recommendations
• References

Use the QUT APA style for citation and references. The report body should be no longer than 10
pages (excluding the title page, abstract, table of contents and references).

    QUT SCIENCE AND ENGINEERING FACULTY
    IFN511 Security Management Semester 1 2019
    Assessment Item 1: Report
    1 Report Organisation
    1.1 Working togethe
    1.2 Report Phases
    1.3 Academic report writing:
    2 Background Information
    3 Assessment Task
    For your report topic, choose one of the following topics:
    4 Report structure and format

ifn511-2019-report-specification1-3f50edm3.pdf

Kuldeep · Accepted Answer

Espionage
Topic: Addressing industrial espionage
Student Name:
University Name:
Date:
Contents
Introduction	3
Discussion	3
Description of hypothetical organisation	3
Discussion of security issues	4
Conclusion	7
Recommendations	8
Information security controls:	8
References	12
Introduction
In a highly competitive or global business environment, independent intellectual property as well as financial information is considered to be the most expensive commodities in all countries, especially advanced commodities. Healthcare industry involvement in the espionage for function of illegal or secret access to sensitive economic, trade and economic policy data, sensitive/proprietary financial information; or key technologies included however not restricted to plans, data, tools, compounds , mechanisms, design, process, formula, program, code and business strategy, whether intangible or tangible, to gain a competitive business benefit. The proprietary data so stolen might have been store, memorialized or compiled physically, graphically, photographically, electronically, or in writing as well as might be protected reasonably by owner or not available to common public. 
Discussion 
Description of hypothetical organization 
Canberra Hospital is the largest public hospital in our region. Canberra Hospital provides care to more than 500,000 people through a range of services, including acute hospitalization and day services, outpatient services, women's and children's services, pediatrics and pathology. Canberra Hospital is a public hospital located in Garran, Canberra, Australia's capital Territory. This is a three-level center with 672 beds and can accommodate approximately 550,000 people. It is the main teaching hospital of the Australian National University School of Medicine. It is also a teaching hospital for the University Of Canberra School Of Nursing ("Canberra Hospital | Health", 2019). In addition, the hospital has close links with the John Curtin School of Medical Research. The hospital is also the main regional centre for clinical animal husbandry education, working with the Sydney Theological Seminary and the New South Wales School of Clinical and Pastoral Education to provide courses through the Canberra and Regional Mental Care and Clinical Pastor Education Centres. Canberra Hospital currently has almost 300 employees ("Canberra Hospital | Health", 2019).
As the healthcare industry shifts from paper records to electronic records, the medical industry has relied heavily on information technology and the Internet. Healthcare information systems must provide high-quality services to patients through patient data and provide efficient knowledge sharing for healthcare professionals. With the widespread use of the Internet in hospitals, the medical industry has gained its share of cyber threats from other industries around the world. The challenge is to transfer knowledge to hospital staff while ensuring compliance with safety regulations.
Discussion of security issues 
Theft or illegal receipt of the economic information and intellectual property, especially by foreign governments and competitors, threatens the growth and production of the goods generated by such information, as well as leads to losses in profits, company and foreign governments itself, which may lead to a weakening of a country’s Economic strength. Because of Canberra Hospital data-driven environment, hospital tends to face threats seriously, moreover in the process of seeking power, maintaining control, and hence there is a need to address industrial espionage both externally and internally support espionage and treat. It is free to participate in espionage, utilizing technology and information as an armament for economic and business warfare (Zemplinerova, 2013).
Industrial espionage processes can be separated into four categories: evaluation, collection, analysis and requirements. First, the needs must be establish. It's the goal of a person and it is almost certain to provide particular information about a particular job and work in a business and organization. In most cases, a third party asks for protection from liability on the investigation, organization or company. Many companies focus their espionage on specific activities or tasks only. The second stage allows collector to focus. The compilation of industrial espionage is a key component. This is an important aspect of making payments and the biggest risk involved. These individuals are required to assess the risks associated with obtaining information or data, as well as the value of the fees they have and the risks associated with them (Aisen & Veiga, 2011). You can use any of the following methods to get the information / data needed by the person who collects / receives information: Physical information, electronic attacks and attacking employees to obtain necessary information. If the prize is such a great (final), they will get any length required for information if necessary. If the request is an active copy of the product of the company,

QUT SCIENCE AND ENGINEERING FACULTY IFN511 Security Management Semester 1 2019 Assessment Item 1: Report 1 Report Organisation 1.1 Working together This is a group assessment task; your group for this...

Solution

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment