Information Security 2016
Security project report
This assignment will involve students undertaking research into an information security topic and reporting the outcomes in a briefing paper and annotated bibliography. Students will also need to provide a brief presentation to the tutorial group on the more interesting aspects of their topic. A range of topics are listed below.
This is an individual assignment; however, students doing the same topic can combine into groups for the presentations if they wish.
There are 6 topics to choose from for this assignment. These are listed below. The assignment is worth 20% of the marks for Information Security. The deadline for submissions is the end of week 5 (20 March 2016).
In marking the report, attention will be given to your understanding of information security concepts and how well you have met the requirements detailed in this document. Style and technique of your writing will also be considered.
Managers and executives frequently rely on their support staff to research particular subjects and present concise summaries of the relevant issues in the form of briefing papers. With this assignment, you should prepare a briefing paper as if you were a middle level manager in an organisation advising an executive level manager about the topic of concern. You should do this by providing a good overview of the key issues associated with the topic along with pointers to additional reading that could be helpful if the reader wanted to explore the issues further.
It is important that you keep your briefing paper concise and to the point as you should assume that your executive manager will not have time to read past three pages. While the briefing paper can be a little longer than this in this instance, penalties will be imposed on submissions that are too long. A three page limit is a little tight for an assignment like this in a university context, so this limit has been relaxed to 1500 words for the main part of the paper. The bibliography and its annotations are not considered to be part of the 1500 word limit.
Note that this report is sufficiently brief that it is not necessary to include an executive summary or table of contents, but it is reasonable to include headings throughout the report.
The pointers to additional reading on the topic should take the form of an annotated bibliography. This means that you should write a paragraph on selected entries in the bibliography focussing on the relevance of the reference to the topic and the quality of the information in the reference. It is expected that there will be a minimum of six entries with annotations in the bibliography. At least two of these annotated entries need to be peer reviewed academic articles. As the currency of source material is relevant to managers, it is also important that at least two of these annotated references are dated from 2015 or later. You should avoid the temptation of using material directly from any article abstract as the main basis for your annotations in the bibliography, as typically this won’t address the key issues of relevance and quality and is likely to cause referencing problems.
The bibliography and the annotations will form an important part of the marking of this assignment, with 40% of the marks allocated for this component. If you don’t include appropriate annotations, your maximum mark will be 14/20. You will also lose marks if you do not have at least two academic articles and two recent articles (2015 or later) annotated in your bibliography.
Students will also be required to share some of the more interesting aspects of their work on this assignment with the class in a brief presentation (during the week 7 tutorial for PG students and the week 9 tutorial for UG students). Presentations should be no longer than 5 minutes (going over time will cost you marks). Students working on the same topic are allowed to form into small groups for the presentations, in which case the group as a whole will be allowed a little extra time for the presentation.
It is important that you don’t try to tell the class about everything that you have done in your report during this presentation (you will be marked down if you attempt to do this) – try to focus on one or two information security related issues that are likely to be interesting to the whole group. While the presentations will be relatively informal, it is desirable that you have some slides to support your talk, but keep these to a minimum – as a guide, aim for 3 slides as a maximum. The slides should be uploaded to the Moodle site prior to the class so that they can be easily accessed from there for the presentation.
The quality of the presentation will be used as the basis for the tutorial work mark for this week.
All work quoted from other written sources should be appropriately referenced using the UC version of the Harvard style (both with in-text references and all sources used included in the bibliography). This style is described in detail in referencing guides available at: http://canberra.libguides.com/content.php?pid=238252&sid=2935693. Assignments that have not made a reasonable attempt to follow a standard referencing style will be penalised so please look at the referencing guides if you are unsure how to cite any of your references.
Previous experience with student assignments indicates that some students have significant problems with quoting and paraphrasing work from other sources. For example, using a quote from a source with minor changes still requires you to use quotation marks. Paraphrasing (where quotation marks are not used) requires you to write something completely in your own words where you are referring to concepts and ideas from the source. You should also avoid lengthy quotes (whether exact quotes or paraphrased passages) from any of your sources – as a guide, no more than 20% of your assignment should be quoted or paraphrased from other sources.
All assignments should be submitted via the Moodle online assignment submission process. Do not use a cover sheet, but you should include your student id number, the title of the topic selected, and the word count for the body of the report.
In order to maximise the ease of marking, the submission should:
• use an 11pt font as a minimum;
• use line spacing of at least 1.5 lines; and
• have margins of at least 25mm.
1. Your organisation has had an informal approach involving employees being encouraged to bring their own device (BYOD) for mobile computing activities, given the extent of laptops, smart phones, and tablets in possession of employees these days. Following a security incident where an employee lost their device (containing some of the organisation’s data), the organisation now wants a more formalised BYOD policy that limits the information security risks. Write a briefing paper outlining the information security risks that might arise with a BYOD strategy. Your paper should also make recommendations on ways in which these risks could be managed and mitigated. Your paper should also make suggestions on a transition from the informal approach to the implementation of the more formal policy. Note that the focus of this topic should be on information security issues and not on the economic justification for a BYOD strategy.
2. Outsourcing of part or all of IT infrastructure and services has become common practice in both the public and private sectors. Your organisation is considering entering into an outsourcing arrangement for selected aspects of the IT infrastructure, but is concerned about the information security implications. The main areas of interest are desktop computers, networks, user support and server administration. Write a briefing paper about the impacts on information security from entering into such an outsourcing arrangement. Make sure your briefing considers the whole of life of any outsourcing arrangement – while the issues that arise entering into and over the course of an arrangement are important, you should also consider the issues that may arise at the termination of an outsourcing contract.
3. Your organisation has experienced a cybersecurity attack that could have come from a foreign intelligence source, or could have been an example of hacktivism. Write a briefing paper outlining the nature and risks of cybersecurity attacks. What is the prevalence of attacks from intelligence sources? Why has hacktivism become an issue in recent times? You should also outline what your organisation can do to protect itself from these threats. Your case should be supported by some recent examples of such attacks.
4. Your organisation is considering the adoption of various open source application systems and server software after a history of using proprietary software. Write a briefing paper on the security risks of open source software versus proprietary software. What are ways in which an organisation might mitigate these risks? While there is quite a diversity of OSS and associated risks, are there some categories of open source software that present a much lower risk than others? Are the risks likely to be improved if there is a well-established vendor supporting the open source software product? Outline some key steps in the transition that are likely to reduce the information security risks.
5. Social networking has become more mainstream in recent times, with moves by many organisations to engage with this media in one form or another to facilitate aspects of their business. As an example, the Australian Government has had a Gov2.0 taskforce looking at issues around the use of these technologies in government. Write a briefing paper discussing the information security issues that may be associated with the adoption of social networking technologies by the organisation itself. What aspects of information security and/or incident response policy will likely have to change to address these threats? How might your organisation mitigate the risks that the use of these technologies might pose? Note that this topic is not about the personal use of social networking by individuals within the organisation.
6. Cloud Computing is another technology that is gaining more widespread acceptance in organisations. Cloud computing can introduce some new threats, but it can also provide benefits in some areas of information security. Information security has often been a key reason for organisations to limit or avoid the use of cloud computing but many of the key vendors are now responding to these concerns in a range of ways. Write a briefing paper discussing these information security issues that may be associated with the adoption of cloud computing technologies by your organisation. You should identify the key threats along with areas where cloud computing may improve aspects of information security. You should also identify some recent actions by cloud computing vendors that may be aimed at reducing concerns about some of these threats. Do these responses by the vendors go far enough in mitigating the concerns and risks? You can assume the reader is relatively familiar with cloud computing, so there is no need for you to provide a detailed explanation of the technology in writing about this topic.