Introduction to Information Security

by | Nov 13, 2020 | Security

  1. Explain the principles of information security and the measures to
    secure information.
  2. Develop an information security policy to demonstrate security
    awareness.
  3. Identify and describe security implications for modern networks
    Weighting:
    Instructions
    20% of the overall mark
    This is an individual project, in which the student will submit a report of
    3000 words +/- 10% excluding appendices. The report should include:
    • Security policies, standards and procedures with recommendations.
    • Define the concepts of and principles of Information security and the
    methods used to secure assets with good practice and
    recommendations
    The Phase-1 report should be uploaded on Moodle via Turnitin by Sunday
    22 Nov 2020 at 11.55pm.
    Late submission will obtain maximum %60, any submissions later than 3
    days from the deadline will obtain 0.
    Learning outcomes assessment:
    1 2 3 4 5
    Step
    1
    2
    3
    4 X X X
    5
    6 X X X
    7
    8
    9 X X X
    Sum_LO’s 3 3 3
    Please read this assignment carefully and the instructions that accompany this document
    Scenario:
    A security policy is the cornerstone of any project for preserving business integrity. It aims at identifying
    the threats that could impact and cause damage and/or harm to a company and solutions to transform
    the organization to ensure that it is more secure. As a result of this scenario you will be required to
    arrive at a solution and complete a report which will include any relevant recommendations to improve
    security aspects within the organization itself. Bahrain PLC is a manufacturer of aerospace parts which is
    located in the kingdom of Bahrain and considers its line of business as highly competitive because there
    are several companies that compete with them for the same government contracts. The company
    recently received warnings from government agencies that foreign intelligence agencies were interested
    in some of the research that the company was and is still conducting.
    A government contract requires Bahrain PLC to conduct a formal process of risk assessment and
    management of its operations. This process includes identifying risks and potential threats to the
    company’s IT infrastructure in which the senior management have identified several areas of concern.
    These areas included the following:
    • Security procedures in relation to the location and building layout of Bahrain PLC’s plant
    • Security controls relating to the release of confidential information to competitors and foreign
    governments
    • Potential threats and risks from potential hackers attempting to break into Bahrain PLC’s
    internal network or public Web site
    • Risk management methods used with regards to
    o Bad organizational operational practices
    o Bad practices/mistakes by users
    Bahrain PLC’s office and manufacturing buildings are located on a small road between a public beach
    and a public park.
    • The first floor of the office building which houses the research department (has a patio area
    which is located next to the beach that Bahrain PLC employees use during their lunch hour and
    during coffee breaks).
    • Administrative offices are located on the second floor. Bahrain PLC manufactures its products in
    this two-story manufacturing building.
    • PLC’s datacenter which is located at the basement and contains the following:
    2 windows server 2003 SP1, 10 windows server 2008 SP1 and 20 server 2012 ,Red hat Enterprise
    Linux 7.7, Cisco Intrusion detection system, ASA firewall. Fiber channel SAN storage,
    • The organization is connected to the Internet with a single Internet provider, through a single
    firewall.
    You have been hired as security specialist to help organization conducting the risk assessment and build
    information security policy.
    • You notice that Employees use Wi-Fi to connect their mobile devices through a legacy Wireless
    access points. In addition, WEP (Wired Equivalent Privacy) is being used for encryption.
    • Many employees reported that they received email asking users to update their information on
    the company’s Web site, after you investing you found a legitimate-looking e-mail but the URLs in
    the e-mail actually point to a false Web site.
    • While taking a tour inside the company, you noticed that the employees in the finance
    department were throwing unused printed papers into the trash without damaging them.
    • During one of your periodic checks to see how well security policy is being observed by the
    employees, you discover an employee has attached his mobile phone to his workstation and enable
    tethering to access interment bypass company firewall.
    • After reviewing the company’s firewalls settings Noticed that there is Hundreds of thousands
    brute-force attempts generated from various IP addresses around the world.
    • An IT staff member told you that a former information security expert was fired for various
    technical reasons and was unhappy when leaving his position
    • Your organization IT system administrator backup data with on-site storage, the backup take
    place at planned intervals manually
    Task 1 (15 Marks)
    Introduction
    Provide professionally formatted Introduction that provides a general overview and objectives of the
    report. Include table of references (minimum 15 and should include books, journals, white papers and
    legitimate verifiable websites).
    Task 2 (5 Marks)
    Identify and categorize the assets to be protected, including their relative value, sensitivity or
    importance to the organization. (Servers, desktops, mobile, storage, network, security, web applications,
    database).
    Task 3 (5 Marks)
    Produce a physical design of customer premises indicating where all assets should be located and
    methods of securing all assets physically from internally and externally threats. Your design should be
    reasoned and justified.
    Task 4 (15 Marks)
    Risk Management
    Discuss different risk scenarios and carry out security risk assessment for the organization using
    appropriate methods. Identify and discuss ISO 2700X standards related to risk management and use its
    methodology to carry out assessment on relevant component. You are required to build risk assessment
    matrix (at least 15 risks)
    Task 5 (15 Marks)
    Produce fully qualitative and quantitative risk analysis for all Risk found at Task 4, including all elements,
    information assets, supporting assets
    Task 6 (15 Marks)
    Research and investigate the widely used Critical Security Controls to reduce risk at your organization.
    You should produce a minimum of 15 controls that vary in their effectiveness and relate to the CIA triad
    as following:
  • Controls that mitigate known attacks.
  • Controls that address a wide variety of attacks.
  • Controls that identify and stop attackers early in the compromise cycle.
    Task 7 (15 Marks)
    Security policies and procedures
    Based on your risk assessment, produce a comprehensive security policy and procedures that are fit for
    purpose. This should be relevant to ISO 27001 standards and must cover the following areas:
    • Physical Security
    • Application
    • information
    • network
    • operations
    • Data security (encryption)
    • Access Control
    • End user Education
    • Disaster recovery
    Produce at least one security procedure for each policy component. You must use appropriate
    templates that are professionally for formatted.
    Task 8 (10 Marks)
    Top managements are planning to Build SOC (Security Operation Center) at PLC,
    Your manager asked you to do research about SOC and provide details report containing
  • Explain what SOC are, how it works and how your organization can benefit from SOC.
  • Discuss the components of SOC ,explain the tasks carried out by SOC team
  • Discuss how you can improve your company security posture to best protect your organization
    after implementing SOC (Security Operation Center).
    Task 9 (5 Marks)
    Conclusion and Recommendations
    Conclude your findings in all tasks and provide recommendations for your organization executives
    regarding the future Information Security best practices
    PLEASE READ ADDITIONAL NOTES BELOW BEFORE SUBMISSION
    Caution:
    You should consider the following key points in your investigation: –
    • Topic should be discussed critically in detail.
    • A word count of 3000 words +/- 10% will be allowed for this report.
    • The introduction and table of contents will not be included in the word count
    • Appendices are required but will not count towards the word count.
    • A reference list should be included as the first appendix (include references in your main body of
    text).

Sample Solution

Sample solution

Dante Alighieri played a critical role in the literature world through his poem Divine Comedy that was written in the 14th century. The poem contains Inferno, Purgatorio, and Paradiso. The Inferno is a description of the nine circles of torment that are found on the earth. It depicts the realms of the people that have gone against the spiritual values and who, instead, have chosen bestial appetite, violence, or fraud and malice. The nine circles of hell are limbo, lust, gluttony, greed and wrath. Others are heresy, violence, fraud, and treachery. The purpose of this paper is to examine the Dante’s Inferno in the perspective of its portrayal of God’s image and the justification of hell. 

In this epic poem, God is portrayed as a super being guilty of multiple weaknesses including being egotistic, unjust, and hypocritical. Dante, in this poem, depicts God as being more human than divine by challenging God’s omnipotence. Additionally, the manner in which Dante describes Hell is in full contradiction to the morals of God as written in the Bible. When god arranges Hell to flatter Himself, He commits egotism, a sin that is common among human beings (Cheney, 2016). The weakness is depicted in Limbo and on the Gate of Hell where, for instance, God sends those who do not worship Him to Hell. This implies that failure to worship Him is a sin.


This question has been answered

God is also depicted as lacking justice in His actions thus removing the godly image. The injustice is portrayed by the manner in which the sodomites and opportunists are treated. The opportunists are subjected to banner chasing in their lives after death followed by being stung by insects and maggots. They are known to having done neither good nor bad during their lifetimes and, therefore, justice could have demanded that they be granted a neutral punishment having lived a neutral life. The sodomites are also punished unfairly by God when Brunetto Lattini is condemned to hell despite being a good leader (Babor, T. F., McGovern, T., & Robaina, K. (2017). While he commited sodomy, God chooses to ignore all the other good deeds that Brunetto did.

Finally, God is also portrayed as being hypocritical in His actions, a sin that further diminishes His godliness and makes Him more human. A case in point is when God condemns the sin of egotism and goes ahead to commit it repeatedly. Proverbs 29:23 states that “arrogance will bring your downfall, but if you are humble, you will be respected.” When Slattery condemns Dante’s human state as being weak, doubtful, and limited, he is proving God’s hypocrisy because He is also human (Verdicchio, 2015). The actions of God in Hell as portrayed by Dante are inconsistent with the Biblical literature. Both Dante and God are prone to making mistakes, something common among human beings thus making God more human.

To wrap it up, Dante portrays God is more human since He commits the same sins that humans commit: egotism, hypocrisy, and injustice. Hell is justified as being a destination for victims of the mistakes committed by God. The Hell is presented as being a totally different place as compared to what is written about it in the Bible. As a result, reading through the text gives an image of God who is prone to the very mistakes common to humans thus ripping Him off His lofty status of divine and, instead, making Him a mere human. Whether or not Dante did it intentionally is subject to debate but one thing is clear in the poem: the misconstrued notion of God is revealed to future generations.

 

References

Babor, T. F., McGovern, T., & Robaina, K. (2017). Dante’s inferno: Seven deadly sins in scientific publishing and how to avoid them. Addiction Science: A Guide for the Perplexed, 267.

Cheney, L. D. G. (2016). Illustrations for Dante’s Inferno: A Comparative Study of Sandro Botticelli, Giovanni Stradano, and Federico Zuccaro. Cultural and Religious Studies4(8), 487.

Verdicchio, M. (2015). Irony and Desire in Dante’s” Inferno” 27. Italica, 285-297.

This question has been answered.

Get Answer