Data and Information Security
Learning Outcomes:
1. Explain security mechanisms and security services, encryption techniques, network intrusion detection systems (NIDS) and firewalls, network security.
2. Appraise security problems and threats to data and IT systems.
3. Analyze information security risks across diverse settings including the internet and WWW based commerce systems, clouds, funds transfer systems etc.
4. Formulate an information security mechanism for a given business environment.
5. Distinguish between ethical and unethical practices in relation to information systems.
Introduction
Data and information security comprises the protective measures a company puts in place to keep unauthorized access out of its databases, websites, and computers. This process offers a mechanism to protect data from corruption or loss and to safeguard against cyber attacks.
There are many reasons why data and information security is important for any business, and these may include:
Business May Suffer from Cyber-Attacks
Your Company’s Assets Include Your Data
Avoids Unnecessary Expenditures
Hackers Can Automate the Cyber-attack Process
Protect Your Company’s Reputation
Case Scenario
You are part of a Cybersecurity Consultancy firm, and your team has been allocated to one of the projects mentioned below:
Project 1 – Waikato District Health Board cyber attack – May 2021
On 25 May, an unidentified group claimed responsibility for the hack and issued an ultimatum to the Waikato DHB, having obtained sensitive data about patients, staff and finances. The Waikato DHB and New Zealand Government ruled out paying the ransom.
Project 2 – DDoS attacks on NZ’s financial institutions – September 2021
A DDoS (distributed denial of service) cyber-attack was confirmed on Wednesday by the government’s cybersecurity agency, CERT NZ, when the websites and services of ANZ, Kiwibank, NZ Post, MetService and others were affected.
Project 3 – Potential threat of a cyber attack on Australia’s critical infrastructure – September 2021
One of Australia’s top national security figures has warned the threat of a cyber attack on Australia’s critical infrastructure is “immediate”, “realistic” and “credible”, and could take down the nation’s electricity network.
Your team has been tasked to work on one of the real-life business scenarios mentioned above and to prepare a full Information and Data Security Report, which would then be used by your organisation’s marketing team to sell the proposed business solution to the affected businesses.
Discuss: using the lecture/tutorial materials covered in your course, prepare a Report (Part A) and a Presentation (Part B).
Part A Project Report
Introduction 5
A Understanding the Principles and the theoretical aspects of Information & Data Security.
Include areas such as
Threats
Network security & control
Program / Web / Cloud security
Security Policies & Procedures
Importance of Legal, Privacy & Ethical Issues.
B Showing a thorough understanding of your chosen organisation, and if possible, what their current Information & Data security measures are. You should be able to do a literature review on your chosen organisations.
C Carry out a Security Risk Assessment on your chosen case study using the techniques learnt in the course.
D Prepare Security Policies and Procedures Documentation on how your team would strengthen the security position of your chosen organisation.
E Technical Implementation for Network Security & Control on a virtual environment (independent of the organisation studied):
Part B Project Presentation
Prepare a proper project presentation and record the entire session. Utilise about 20–30 minutes for the presentation.
The presentation should cover the following in a recorded audio/video form:
Introduction of the scenario/problem/need for carrying out the above study/research
Introduction of the team mentioning member skills and strengths
The actual method undertaken to complete the project
The unforeseen circumstances and how they were handled (obstacles etc)
Introduce the project with use case or other design documents (Problem)
Discuss the Solution proposed. Don’t go into detail, as the Project Report should cover the details.
Conclude how the affected organisation would be better off with your recommendations.
Ensure the assignment includes the following:
1. Course Code, Course Name, Group number, your group members' full names and Student IDs.
2. Ensure your report is submitted in electronic form as a .pdf file using the Moodle project dropbox.
3. Your report length should be 4000 words (+/– 400 words) not including bibliography, appendices or title page.
4. Ensure all sources are cited and a bibliography is included in IEEE style.
5. Ensure your work is free from plagiarism and does not breach copyright.
6. Your report should follow the style of a technical engineering report, intended to be read by a senior executive.