Custom-Written, AI-Free & Plagiarism-Free Academic Work by Assignment Experts

Assignment Experts UK is a trading name of AKOSZ TEC LTD (Company No. 11483120). View on Companies House

Designing and Developing Products for the Cyber security

Coursework Brief

Designing and Developing Products for the Cyber security

Academic year and term:

2019/2020 – Semester-, Year 3

Module title:

Cyber Security

Learning outcomes assessed within this piece of work as agreed at the programme level meeting

Students who successfully complete this module will be able to:

  1. Identify and critically analyse information security threats to computer networks and management information systems. (management of information systems | Managing information systems)

  2. Critically evaluate the range of effective security controls used to protect system and user data.

  3. Synthesize solutions to security problems through effective information security governance.

  4. Create understanding of professional, social, ethical and legal issues associated with cyber security.

Type of assessment:               

1. Individual Assessment: Individual report (up to maximum 2500 words) (this will assess learning outcome 1, 2 & 3).

Assessment deadline:

Coursework1: Individual Assessment – 40%

Assignment Report 40% (up to 2500 words): Individual assignment based on the given scenario. This should be submitted via Turnitin as a Microsoft Word file.

Kind reminder: You MUST make a reasonable attempt at your assignment and submit it. Failure to do so may result in CAPPED Resit and/or failure of the module.

It is also student’s full responsibility to ensure that all assignments are submitted on the correct link and on time before the submission date.

Deliverables: Coursework 1

Coursework 1 is an individual report and will be submitted as a word document (up to 2500 words in total including all diagrams, documentation and description) via Turnitin on Moodle and must include all the required components.

Coursework 1 is worth 40% of the overall assignment. The marking criteria are outlined below.

Assignment Preparation Guidelines

  1. All components of the assignment report must be word processed (hand written text or hand drawn diagrams are not acceptable), font size must be within the range of 12 point to 14 point including the headings, body text and any texts within diagrams.

  2. Standard and commonly used fonts such as Times New Roman, Arial or Calibri should be used.

  3. Your document must be aligned left or justified with line spacing of 1.5.

  4. All figures, graphs and tables must be numbered and labelled.

  5. You must provide screen shots of any commands used in your ethical/Hacking tests.

  6. You have cited your work thoroughly by using Harvard referencing style.

  7. Material from external sources must be properly referenced and cited within the text using the Harvard referencing system.

  8. All components of the assignment (text, diagrams. Code etc.) must be submitted in one Word file.

Second Assessment: Examination – 60% (2 hours- unseen)

An end of course examination will be conducted in week 12 which follows delivery structure and exercises set in the workshops. Students will have access to sample formative feedback on tasks set in workshops and mock online tests thereby helping them to improve their understanding of topics covered in this module and to prepare them for this exam. This assignment will assess module learning outcomes 1,2 and 4. 

Overall, the assessments in this module fall into two categories i.e. coursework and examination with the following weightings:

Note: Pass mark in this unit: 40%

Coursework Brief  -Designing and Developing Products for the Cyber security 

Using the given scenario, students will demonstrate an in-depth understanding of information security governance outcomes with management directives and will provide guidance for Information Security Managers on how to develop an information security strategy within the organisation’s governance framework and how to drive that strategy through an information security program.

The Scenario-Individual Assessment – 40%

You have just been appointed as Security Manager in a multinational pharmaceutical company in West Midlands. You are responsible for physical, IT and information/data security. The company conducts research into medicines and vaccines for the treatment of HIV/AIDS, tuberculosis and malaria on behalf of the WHO. The organization applies information governance standard ISO27001 and implements a security strategy which is not imposed on everybody due to individual’s differing workload.

These are six departments within this company:

  • Research and Development,

  • Personnel,

  • Marketing and Business Development,

  • Strategic Operations and Management,

  • Information Technology,

  • Customer Services. 

Diagram 1: The Company’s internet

R&D is the one department with good security (biometric and card-based access control systems and running its own network which is isolated from the company`s network).  Since it is not connected to the rest of the intranet, R&D is not shown in the company`s network diagram above.

All offices are on the ground floor with servers (email, ftp, web servers etc) and document filling rooms and photocopiers in the basement which are easily accessible to all employees of their day to day duties. In each department, there are a number of workstations, network printers, USB based local printer/plotter/scanners, USB and network drives.

Contractors and visitors need to sign in before entering the premises which is by the entrance and then pick a blank pass in which they need to enter some of their detail (name) and wear at all times to move from department to department.

There is also a smoking area just outside the building, conveniently situated next to the staff car park which is open for visitors and contractors as well. The company’s Wi-Fi signals can be sensed by wireless devices in the smoking area.

Employees often go out of the premises for lunch. Some staff members have lunch at the riverside local Pub which is only 40 meters away from the complex and often carry their offices laptop with them that contain sensitive information. Some employees spend their lunchtime break listening to their iPods or simply surf the internet (some in their personal Laptops or mobile and some in their workstations).

The problem is that in the past there have been several incidents of information breach such as Man in the middle attack, DNS spoofing, Wifi password attack, Phishing, Evil twin attack, Denial of service attack (DoS), etc which led the Company to hire a Security Manager (yourself) to tighten security. These incidents took place across departments including R&D and went unnoticed and unpunished.

Task 1: [50%]

You need to assess the existing threats of the organization in line with the given scenario by carrying out ethical hacking/ penetration testing. You can use your selected security testing tools or other tools/techniques to identify the vulnerabilities, threats and risks which can be physical, IT infrastructure and information/data security within this organisation.

  1. Critically evaluate the choice of your investigation tools and techniques using screenshots and appropriate description of each steps.

  2. You should compile your list of threats (10 threats, sort them by importance) in order of importance and use a table such as the one below to provide extra information. You should include the countermeasures against each threat you have listed.

Table 1: Example as reference.

Asset

Threat

Loss

Impact

Countermeasure

Equipment

Theft: (brief scenario e.g. Dr Evil comes through the unlocked window)

Logitech wireless keyboard

Medium

Install Alarm, hire guards, landmines etc

Note: For anything not mentioned, you are to assume that it is not present: e.g. secure locks, armed guards etc. You are free to make any assumptions you wish regarding your understanding of the various operations of the company, providing that you clearly state these in your report.

Task 2: [45%]

The current security strategy is not effectively managed and followed by employees and may result in further problems if not dealt with immediately.

Therefore, you will identify the importance of security policy and write an information security policy for management purposes.  It should identify suitable countermeasures and how these can be implemented, e.g. through awareness training, monitoring, feedback and reporting.

Presentation, Report Layout and References: [5%]                                                                          

You are required to use the appropriate report layout and formatting style (see the guidelines below) as well as academic citations and a reference list. Your report should be free from grammatical and spelling errors.

Marking Criteria – Coursework 1

Functionality

Criteria /Deliverables

Marks

Task 1:

You have investigated the ethical hacking/penetration testing to identify the threat vulnerabilities by using appropriate tools like network sniffer, port scanner, and system log analysis, auditing (physical security) and evaluate critically. You made use of tools like (Namp/Xenmap or Wireshark etc) and provided screenshots. (25 Marks)

You have considered the whole scenario and produced a list of likely security threats based on their business impact. (10 Marks)

You have suggested logical countermeasures against each of the threat. (15 Marks)

50

Task 2:

You have discussed the importance of having a security policy in an organisation. You have outlined a short brief between security governance and security policy. You have used academic literature to support your arguments. (10 Marks)

The policy must include:

Background and purpose. (5 Marks)

Scope. (5 Marks)

Roles and responsibilities (5 Marks)

Policy framework (5 Marks)

Distribution, training and implementation (5 Marks)

Monitoring, feedback and reporting (5 Marks)

Business continuity (5 Marks)

45

Presentation, Report Layout and References

Your report is well laid out and formatted according to the given requirements. Your report should be free from grammatical and spelling errors. The Harvard system has been used to cite work where necessary and a list of references is also provided.

5

Total

100

100% Plagiarism Free & Custom Written,
tailored to your instructions

Sample Answer

Designing and Developing Cyber Security Products for a Multinational Pharmaceutical Company

Introduction

Cyber security is a critical concern for multinational pharmaceutical companies, especially those involved in high-risk research such as HIV/AIDS, tuberculosis, and malaria. The protection of sensitive data, intellectual property, and research outcomes requires a comprehensive information security strategy that addresses physical, IT, and data security threats. This essay evaluates the current security environment of a West Midlands-based pharmaceutical company, identifies key vulnerabilities through ethical hacking and penetration testing, and proposes an information security policy framework to mitigate risks. The assessment is guided by ISO27001 principles and relevant cyber security literature.

Task 1: Assessment of Existing Threats

The organisation currently faces significant security challenges due to inconsistent adherence to its existing security strategy and insufficiently monitored infrastructure. Ethical hacking and penetration testing were conducted across physical access points, IT networks, and sensitive information storage systems using tools such as Nmap for network mapping, Wireshark for traffic analysis, and manual auditing for physical security assessment.

Identification and Analysis of Key Threats

The following ten threats were identified and ranked by business impact:

  1. Unauthorized Access via USB Devices: Employees frequently use USB drives without encryption, increasing the risk of malware or data exfiltration.

  2. Wireless Network Vulnerability in Smoking Area: The open Wi-Fi signals near the smoking area are susceptible to man-in-the-middle and evil twin attacks.

  3. Phishing Attacks: Email-based phishing attempts were observed targeting administrative and R&D staff.

  4. Malware Infections via Personal Devices: Laptops carried off-site to nearby pubs are vulnerable to malware and data interception.

  5. DNS Spoofing and Man-in-the-Middle Attacks: Lack of network monitoring allows attackers to manipulate network traffic.

  6. Denial of Service (DoS) Attacks: The company’s public-facing servers are exposed to DoS attacks due to inadequate firewall configurations.

  7. Physical Theft of Documents or Equipment: Servers and filing rooms in the basement are easily accessible, raising the risk of theft.

  8. Weak Password Policies: Many employees use weak or repeated passwords across internal systems.

  9. Insider Threats: Contractors and temporary staff may access sensitive areas without thorough monitoring.

  10. R&D Data Exposure: While the R&D department is isolated, lapses in internal communication protocols can still allow accidental exposure of sensitive research data.

These threats were assessed for potential loss and impact, with countermeasures proposed for each, including network segmentation, multi-factor authentication, encryption, employee training, and implementation of intrusion detection systems.

Tools and Techniques Evaluation

Nmap/Xenmap was used to scan network ports and map all active devices, identifying open ports and unpatched systems. Wireshark captured and analysed network traffic to detect anomalies such as DNS spoofing attempts. Physical security audits highlighted weaknesses in office layout, unrestricted access to servers, and unsecured document storage. Ethical hacking revealed the effectiveness of current access control policies and highlighted gaps in enforcement. Screenshots of Nmap scans and Wireshark traffic logs were documented to support findings and demonstrate methodology.

Task 2: Information Security Policy

A robust information security policy is essential to mitigate identified threats and enforce governance standards. Security governance provides the strategic framework, while the policy translates governance directives into operational requirements. The following components form the core policy framework:

Background and Purpose

The policy aims to protect the company’s intellectual property, research data, and IT infrastructure against physical and cyber threats, ensuring compliance with ISO27001 standards. It also promotes a culture of security awareness among employees.

Scope

This policy applies to all employees, contractors, and visitors, covering physical access, IT networks, data handling, remote work, and mobile devices. It encompasses all six company departments: Research and Development, Personnel, Marketing and Business Development, Strategic Operations and Management, Information Technology, and Customer Services.

Roles and Responsibilities

Security management, IT teams, and departmental heads are responsible for monitoring compliance and enforcing security protocols. Employees are required to adhere to access controls, password policies, and safe handling of sensitive information. Visitors and contractors must comply with sign-in procedures and temporary access restrictions.

Policy Framework

The policy mandates multi-layered security controls, including: biometric and card-based access in critical areas, network segmentation, endpoint protection, encrypted USB usage, VPN requirements for remote access, and intrusion detection systems. Regular vulnerability assessments and penetration tests will evaluate effectiveness.

Distribution, Training, and Implementation

Employees receive mandatory security awareness training upon hiring and periodic refreshers. Awareness campaigns, signage, and internal communications reinforce best practices. Policy implementation is monitored through audits, system logs, and reporting mechanisms.

Monitoring, Feedback, and Reporting

All network activity, access logs, and security incidents are continuously monitored. Employees and contractors can report suspected breaches anonymously. Feedback loops ensure that policy updates reflect emerging threats.

Business Continuity

Incident response plans address potential breaches, including data backup, disaster recovery procedures, and coordination with law enforcement or regulatory bodies. Business continuity plans ensure minimal operational disruption in case of cyber or physical incidents.

Ethical hacking simulates real attacks, identifying vulnerabilities before malicious actors exploit them.

ISO27001 provides a governance framework; the security policy operationalises its requirements in day-to-day processes.

Yes, unsecured equipment, documents, or access points can lead to major breaches even with strong IT controls.

Human error is a primary cause of breaches; regular training reduces risk and improves compliance.

Mark

Assignment Experts made my cyber security coursework so clear and professional. My lecturer said it was very well-structured.

United Kingdom

★★★★★
Olivia

The essay explained threat assessment and policy in a way I could actually understand and apply. I learned a lot.

United Kingdom

★★★★★
Simon

Really detailed and thorough. Screenshots and explanations made it feel like I did real penetration testing.

United Kingdom

★★★★★
Hazel

Assignment Experts helped me cover all tasks without leaving gaps. I got a high mark and understood everything better.

United Kingdom

★★★★★