CT350: Due to the Many Security Problems Happened in Singapore in the past 1 Year: System Security Assignment, CU, Singapore

LEARNING OUTCOMES

1. Design, implement, evaluate and maintain efficient security systems for the protection of valuable digital assets
2. Analyze possible security threats and evaluate suitable countermeasures for networked systems 1, 2, 3
3. Describe approaches to cryptography such as secret-key cryptography, public-key cryptography, digital signatures, digital certificates, and authentications.
4. Assess advances in cryptographic methods

Case

Due to the many security problems happened in Singapore (e.g. SingHealth data breach) in the past 1 year, many Singapore companies become very concerned about the security stability of their organizations. You are working as an IT security consultant in a company (you are encouraged to use the company you are currently working). The CEO of your company assigns you the task to identify some of the major system security risks and propose suitable solutions to address the risks. Using an appropriate security model (e.g. CIA, CNSS/NSTISSC or ALE), perform a complete risk assessment by identifying the related assets, threats, and vulnerabilities of the company.

The proposal should address any of the four areas as listed below.

• Network security
• Malware protection
• Data protection
• Web security
• User authentication
• Access control

Part A: Proposal

Write a report to present your proposal. The report should contain the followings.

• Introduction: Highlight the objective of the proposal and the security areas you are addressing.
• Background of the company and nature of its business: Provide detail description of the company business operation and its current software and hardware infrastructure. This will act as a context of your discussion. All discussions must base on the actual requirement of the company.
• Security risk evaluation: You can use any suitable model to perform the risk assessment. Identify all related assets, threats and possible vulnerability the company are facing.
• Prioritization of risks and its solutions in all 4 areas (Network, Malware, Data, Web, Authentication and Access control) as mentioned above. Each of the 4 area should address the following.
  1. Detail discussion of the related risk and how it impact the business
  2. The solution which includes both technical and economic considerations.
  3. Provide the technical detail of solution and describe how it can be used to address the risk.
  4. Highlight the cost of the solution (if applicable). Discuss the maintenance and scalability issues of the solution
• Conclusion

Part B: Poster

In order to persuade the company management to agree on a budget to implement your proposed solution, create a poster to highlight any 4 security areas. The area you selects should be those with the most impact to the company. Clearly illustrate the risk, its impact to the company and your solution including the cost if applicable. A presentation of your poster will be arranged.