Custom-Written, AI-Free & Plagiarism-Free Academic Work by Assignment Experts

Assignment Experts UK is a trading name of AKOSZ TEC LTD (Company No. 11483120). View on Companies House

Critically evaluate the choice of your investigation tools and techniques using screenshots and appropriate description of each steps.

Coursework Brief

Designing and Developing Products for the Cyber security

Academic year and term:

2019/2020 – Semester-, Year 3

Module title:

Cyber Security

Learning outcomes assessed within this piece of work as agreed at the programme level meeting

Students who successfully complete this module will be able to:

  1. Identify and critically analyse information security threats to computer networks and management information systems. (management of information systems | Managing information systems)
  2. Critically evaluate the range of effective security controls used to protect system and user data.
  3. Synthesize solutions to security problems through effective information security governance.
  4. Create understanding of professional, social, ethical and legal issues associated with cyber security.

Type of assessment:               

1. Individual Assessment: Individual report (up to maximum 2500 words) (this will assess learning outcome 1, 2 & 3).

Assessment deadline:

Coursework1: Individual Assessment – 40%

Assignment Report 40% (up to 2500 words): Individual assignment based on the given scenario. This should be submitted via Turnitin as a Microsoft Word file.

Kind reminderYou MUST make a reasonable attempt at your assignment and submit it. Failure to do so may result in CAPPED Resit and/or failure of the module.

It is also student’s full responsibility to ensure that all assignments are submitted on the correct link and on time before the submission date.

Deliverables: Coursework 1

Coursework 1 is an individual report and will be submitted as a word document (up to 2500 words in total including all diagrams, documentation and description) via Turnitin on Moodle and must include all the required components.

Coursework 1 is worth 40% of the overall assignment. The marking criteria are outlined below.

Assignment Preparation Guidelines

  1. All components of the assignment report must be word processed (hand written text or hand drawn diagrams are not acceptable), font size must be within the range of 12 point to 14 point including the headings, body text and any texts within diagrams.

  2. Standard and commonly used fonts such as Times New Roman, Arial or Calibri should be used.

  3. Your document must be aligned left or justified with line spacing of 1.5.

  4. All figures, graphs and tables must be numbered and labelled.

  5. You must provide screen shots of any commands used in your ethical/Hacking tests.

  6. You have cited your work thoroughly by using Harvard referencing style.

  7. Material from external sources must be properly referenced and cited within the text using the Harvard referencing system.

  8. All components of the assignment (text, diagrams. Code etc.) must be submitted in one Word file.

Second Assessment: Examination – 60% (2 hours- unseen)

An end of course examination will be conducted in week 12 which follows delivery structure and exercises set in the workshops. Students will have access to sample formative feedback on tasks set in workshops and mock online tests thereby helping them to improve their understanding of topics covered in this module and to prepare them for this exam. This assignment will assess module learning outcomes 1,2 and 4. 

Overall, the assessments in this module fall into two categories i.e. coursework and examination with the following weightings:

Note: Pass mark in this unit: 40%

Coursework Brief  -Designing and Developing Products for the Cyber security 

Using the given scenario, students will demonstrate an in-depth understanding of information security governance outcomes with management directives and will provide guidance for Information Security Managers on how to develop an information security strategy within the organisation’s governance framework and how to drive that strategy through an information security program.

The Scenario-Individual Assessment – 40%

You have just been appointed as Security Manager in a multinational pharmaceutical company in West Midlands. You are responsible for physical, IT and information/data security. The company conducts research into medicines and vaccines for the treatment of HIV/AIDS, tuberculosis and malaria on behalf of the WHO. The organization applies information governance standard ISO27001 and implements a security strategy which is not imposed on everybody due to individual’s differing workload.

These are six departments within this company:

  • Research and Development,

  • Personnel,

  • Marketing and Business Development,

  • Strategic Operations and Management,

  • Information Technology,

  • Customer Services. 

Diagram 1: The Company’s internet

R&D is the one department with good security (biometric and card-based access control systems and running its own network which is isolated from the company`s network).  Since it is not connected to the rest of the intranet, R&D is not shown in the company`s network diagram above.

All offices are on the ground floor with servers (email, ftp, web servers etc) and document filling rooms and photocopiers in the basement which are easily accessible to all employees of their day to day duties. In each department, there are a number of workstations, network printers, USB based local printer/plotter/scanners, USB and network drives.

Contractors and visitors need to sign in before entering the premises which is by the entrance and then pick a blank pass in which they need to enter some of their detail (name) and wear at all times to move from department to department.

There is also a smoking area just outside the building, conveniently situated next to the staff car park which is open for visitors and contractors as well. The company’s Wi-Fi signals can be sensed by wireless devices in the smoking area.

Employees often go out of the premises for lunch. Some staff members have lunch at the riverside local Pub which is only 40 meters away from the complex and often carry their offices laptop with them that contain sensitive information. Some employees spend their lunchtime break listening to their iPods or simply surf the internet (some in their personal Laptops or mobile and some in their workstations).

The problem is that in the past there have been several incidents of information breach such as Man in the middle attack, DNS spoofing, Wifi password attack, Phishing, Evil twin attack, Denial of service attack (DoS), etc which led the Company to hire a Security Manager (yourself) to tighten security. These incidents took place across departments including R&D and went unnoticed and unpunished.

Task 1: [50%]

You need to assess the existing threats of the organization in line with the given scenario by carrying out ethical hacking/ penetration testing. You can use your selected security testing tools or other tools/techniques to identify the vulnerabilities, threats and risks which can be physical, IT infrastructure and information/data security within this organisation.

  1. Critically evaluate the choice of your investigation tools and techniques using screenshots and appropriate description of each steps.

  2. You should compile your list of threats (10 threats, sort them by importance) in order of importance and use a table such as the one below to provide extra information. You should include the countermeasures against each threat you have listed.

Table 1: Example as reference.

Asset

Threat

Loss

Impact

Countermeasure

Equipment

Theft: (brief scenario e.g. Dr Evil comes through the unlocked window)

Logitech wireless keyboard

Medium

Install Alarm, hire guards, landmines etc


Note:
For anything not mentioned, you are to assume that it is not present: e.g. secure locks, armed guards etc. You are free to make any assumptions you wish regarding your understanding of the various operations of the company, providing that you clearly state these in your report.

Task 2: [45%]

The current security strategy is not effectively managed and followed by employees and may result in further problems if not dealt with immediately.

Therefore, you will identify the importance of security policy and write an information security policy for management purposes.  It should identify suitable countermeasures and how these can be implemented, e.g. through awareness training, monitoring, feedback and reporting.

Presentation, Report Layout and References: [5%]                                                                          

You are required to use the appropriate report layout and formatting style (see the guidelines below) as well as academic citations and a reference list. Your report should be free from grammatical and spelling errors.

Marking Criteria – Coursework 1

Functionality

Criteria /Deliverables

Marks

Task 1:

You have investigated the ethical hacking/penetration testing to identify the threat vulnerabilities by using appropriate tools like network sniffer, port scanner, and system log analysis, auditing (physical security) and evaluate critically. You made use of tools like (Namp/Xenmap or Wireshark etc) and provided screenshots. (25 Marks)

You have considered the whole scenario and produced a list of likely security threats based on their business impact. (10 Marks)

You have suggested logical countermeasures against each of the threat. (15 Marks)

50

Task 2:

You have discussed the importance of having a security policy in an organisation. You have outlined a short brief between security governance and security policy. You have used academic literature to support your arguments. (10 Marks)

The policy must include:

Background and purpose. (5 Marks)

Scope. (5 Marks)

Roles and responsibilities (5 Marks)

Policy framework (5 Marks)

Distribution, training and implementation (5 Marks)

Monitoring, feedback and reporting (5 Marks)

Business continuity (5 Marks)

45

Presentation, Report Layout and References

Your report is well laid out and formatted according to the given requirements. Your report should be free from grammatical and spelling errors. The Harvard system has been used to cite work where necessary and a list of references is also provided.

5

                                                              Total

100

100% Plagiarism Free & Custom Written,
tailored to your instructions

Sample Answer

Designing and Developing Cyber Security Strategy

Introduction

In today’s digital environment, organisations operating in sensitive sectors such as pharmaceuticals face significant cyber security challenges. The protection of intellectual property, patient data, and research findings is critical, particularly when working on global health issues such as HIV/AIDS, tuberculosis, and malaria. This report critically analyses the security threats faced by a multinational pharmaceutical company and proposes appropriate countermeasures. It also develops an information security policy aligned with governance frameworks such as ISO 27001.

The report addresses both technical and human vulnerabilities, recognising that cyber security is not solely a technological issue but also a behavioural and organisational one.

Task 1: Threat Assessment and Ethical Hacking Evaluation

Critical Evaluation of Tools and Techniques

To assess vulnerabilities within the organisation, a combination of ethical hacking and penetration testing techniques would be used.

Network scanning tools such as Nmap are essential for identifying open ports, active hosts, and potential entry points within the organisation’s network. This helps detect misconfigured services and unnecessary open ports that attackers could exploit.

Wireshark, a packet analysis tool, allows monitoring of network traffic to identify suspicious activities such as man-in-the-middle attacks or data interception. This is particularly relevant given the organisation’s exposure to Wi-Fi attacks.

Vulnerability scanners such as OpenVAS can be used to identify known vulnerabilities in systems and applications. These tools provide automated reports that help prioritise risks.

Social engineering testing is also critical in this scenario. Phishing simulations can reveal employee susceptibility to attacks, which is a major issue highlighted in the case.

Physical security audits must also be conducted. Observing access control weaknesses, such as unrestricted basement access and visitor pass systems, is essential for identifying risks that cannot be detected through digital tools.

The strength of using multiple tools lies in obtaining a comprehensive view of vulnerabilities. However, these tools require skilled interpretation, and false positives can occur. Therefore, results must be analysed critically.

Identified Threats and Countermeasures

Below is a prioritised list of key threats based on their potential impact:

AssetThreatLossImpactCountermeasure
Network systems Man-in-the-middle attack via Wi-Fi Data interception High Implement VPN, secure Wi-Fi encryption (WPA3), network segmentation
Employee credentials Phishing attacks Account compromise High Security awareness training, email filtering systems
Wi-Fi network Evil twin attack Data theft High Network authentication, disable auto-connect, employee training
Servers (basement) Unauthorised physical access Data breach High Restricted access, CCTV, biometric locks
Laptops Theft outside premises Data loss High Full disk encryption, remote wipe capability
DNS systems DNS spoofing Redirection to malicious sites High DNS security extensions (DNSSEC)
Network availability Denial of Service attack Service disruption Medium Firewalls, intrusion detection systems
USB devices Malware infection System compromise Medium Disable USB ports, endpoint protection
Visitors Unverified access Insider threat Medium Strict ID verification, escort policies
Employee behaviour Use of public networks Data leakage Medium Enforce VPN usage, device security policies

This table demonstrates that the organisation faces both technical and human-related threats. The lack of enforcement of existing policies significantly increases risk.

It is a method used to identify security weaknesses by simulating cyber attacks.

Because employees can unknowingly expose systems through poor practices.

It is an international standard for managing information security.

Wi-Fi related attacks due to weak network security.

Sarah

Really detailed and practical. Got great feedback from my tutor.

United Kingdom

★★★★★
Alex

Explained everything clearly, especially the threats section.

United Kingdom

★★★★★
James

Saved me a lot of stress honestly. Everything was covered properly.

United Kingdom

★★★★★
Ethan

Didn’t feel generic at all. Looked like proper uni-level work.

United Kingdom

★★★★★