Detail how you would undertake a detailed risk assessment of the system for your selected scenario. Produce an analysis that utilises the DREAD and STRIDE methodologies for the selected scenario.

 

FACULTY OF SCIENCE & ENGINEERING

SCHOOL OF COMPUTING AND MATHEMATICS

Coursework Assignment Specification

_________________________________________________________________________

Module Code                                     :           5CS018

Module Title                                      :           Cybersecurity Architecture and Operations

Semester                                            :           Sem 1

Assessment Type                             :           Portfolio

Module Tutor Name                         :           

Instruction to Students

Work presented in an assessment must be your own. Plagiarism is where a student copies work from another source, published or unpublished (including the work of another student) and fails to acknowledge the influence of another’s work or to attribute quotes to the author. Plagiarism is an academic offence, and the penalty can be serious. The University’s policies relating to Plagiarism can be found in the regulations at https://www.wlv.ac.uk/about-us/internal-departments/the-college-of-learning-and-teaching-colt/academic-development/how-to-guides/how-to-avoid-plagiarism/

To detect possible plagiarism we may submit your work to a national plagiarism detection facility. This tool searches the Internet and an extensive database of reference material including other students’ work to identify.  Once your work has been submitted to the detection service it will be stored electronically in a database and compared against work submitted from this and other universities. It will, therefore, be necessary to take electronic copies of your materials for transmission, storage and comparison purposes and the operational backup process. This material will be stored in this manner indefinitely.

Student Signature: ……………………………

Date: ………………………………

1.   Portfolio Assessment - Introduction

For this piece of coursework you are expected to consider the security issues involving a particular service or scenario. You can choose the scenario from any of the three given below and you are expected to provide a risk assessment, security policy and consideration of the ethical implications of the system.

Scenarios:

1. A smart security system that monitors activity in and around a mall to prevent burglary and vandalism
2. A car dealer/showroom
3. An automatic environmental control system for an office building.

 2.   Portfolio Assessment Tasks description

Choose one of the scenarios given above and describe a fictional system that might implement that scenario. Your system does not have to exist in the real world, but should be achievable with today`s technology. It must connect to the internet, have different types of sensors, store multiple types of historical data, have a control node, and be accessible through a mobile device.

The portfolio assessment consists of three main tasks: 

• Assessment task 1: Risk Assessment Report (Deadline Week 8)

Detail how you would undertake a detailed risk assessment of the system for your selected scenario. Produce an analysis that utilises the DREAD and STRIDE methodologies for the selected scenario. This should take the form of a short report, covering the major infrastructure and software components of the systems. Using the threat information, construct a structured model that provides a comprehensive overview of the attack paths that may be used to compromise the system. Your answer will need to identify threats, vulnerabilities, impacts, priorities and risk treatment options. (2500 words)

• Assessment task 2: Business Continuity Plan document (Deadline: Assessment Week)

Design, develop and discuss a business continuity plan tailored for the selected scenario given with appropriate contingency plans in case service and data becomes unavailable. You should be able to identify the critical business functions and services by performing a detailed business impact analysis (BIA), identify recovery time objectives (RTO) and recovery point objectives (RPO) for disaster recovery purposes (1500 words).

• Assessment task 3: Legal and Ethical considerations (Deadline: Assessment Week)
  Describe the legal and ethical considerations involved in storing and processing the information in your chosen scenario. You do not have to cover only security issues, but you should focus primarily on those. (1000 words)

Marking grids are attached to each task, but we are looking for evidence of advanced academic skills; good subject knowledge, evidence of wide reading and research, ability to analyse and evaluate information and apply it accordingly, and the ability to synthesise knowledge and present a valid argument.

Any assumptions should be stated in your answer.

Formative feedback on Task 1. will be provided to enable you to perform better in future assessments and modules.  Summative feedback will be provided in the form of annotated script on the whole portfolio including Task 2. 

3.   Deliverables

One report in Week 8 on Task 1.

One report in Assessment Week on Task 2 and Task 3.

(Word counts are suggested minimum and are provided for guidance only).

Suggested report structure:

1. Executive Summary
2. Table of Contents
3. Introduction: Background of scenario and task
4. Detailed description on the work done for the task
5. Conclusions

 4.   Submission Guidelines

To be notified in class / via canvas

5.   Marking Scheme

Workshops tasks: 10%

Report 1 for Task 1: Maximum marks 40%

• Summary: 3%
• Use of English / Illustrations: 4%
• STRIDE: 10%
• DREAD: 10%
• Attack Tree: 10%
• Conclusions:3%

Report 2 for Task 2 & 3: Maximum marks 50%

• Summary: 5%
• Use of English / Illustrations: 5%
• Business Continuity Plan: 20%
• Essay on Legal/Ethical: 15%
• Conclusions:5%