Posted: August 25th, 2015

Information Security

Information    Security

Assignment    1    –    Information    Security    Mapping    Case    Study
Semester    2,    2015

Details:
Title:
Due Date:
Value:
Length:

Information Security Assignment 1
09.00 AM (GMT+8) Monday 24th August 2015
20% of the final mark for the unit
Maximum of 2000 words on 3 pages (A3 page format) or 8 pages (A4 page
format) (excluding cover page and references)

Purpose    of    this    assignment:
The purpose of this assignment is to support the following unit Learning Outcomes (LO) for
this unit:
LO 1: Identify the importance of information to organisations and society in general;
LO 2: Describe and apply concepts, principles and techniques relating to the security of
information; and
LO 5: Demonstrate an understanding of the advantages, disadvantages, threats, and
vulnerabilities associated with various IT environments.

Background:

Jonah is the Director of InnoSensors based in Perth, Western Australia. InnoSensors is an
inventive company developing and selling home health monitoring devices for the elderly.
All supplies are through medical services and not direct to the public. InnoSensors currently
has 70% of the market in WA, with the remaining 25% from another new company, and 5%
from those developing mobile apps for smartphones. Jonah spends half of his day on the road
in the Perth metro area visiting medical specialists, hospitals, and allied health providers who
may wish to purchase and integrate these devices with clinical care they provide to their
patients. Consequently, Jonah carries a laptop, smart phone and iPad with him everywhere he
goes. The laptop encompasses an Intel i5 CPU, 4GB RAM, and is running Windows 8
Professional with the last Windows update applied towards the end of October, 2014. When
in the office Jonah connects his laptop to the company network.
Jonah predominantly uses Microsoft Office Professional 2013 for all his business needs.
Microsoft Access and Microsoft Excel contain the information for all clients within Western
Australia, as well as client confidential business and financial information. Jonah is not well
informed about information security although he uses computing technology to support his
1

job. As a result Jonah does not use third party firewalls, anti-virus software, encryption, or
authentication mechanisms.
While on the road, Jonah occasionally leaves his laptop in the car. He also frequently visits
Internet cafes for lunch where he utilises the Internet for up to an hour each day. The
confidentiality of information is important as any disclosure could cause significant
embarrassment to him and the company, as well as impact client privacy and confidence.
Also, Jonah must provide correct, factual information to all clients hence ensuring the
integrity of information is vital. Lastly, should any information not be available when needed,
this may result in clients taking their business to the new to market competitor.

Task:

Utilising the background information, draw a concept map or annotated attack tree which
represents the context of Jonah’s work environment and also demonstrates:
?
?
?
?
?
?
?

the links between the aims of security (CIA) and the data used by Jonah;
the associated attacks which could breach each of these aims;
the likelihood (risk) that the attack poses;
the impact each attack may have;
the resultant countermeasures which could be applied;
the relative cost of each countermeasure; and
the mitigation effect of the countermeasure.

All of the attacks that you present must be feasible, capable of being undertaken by one
person, and require limited financial support. An in-text reference supporting the attack and
countermeasure should be included within each of the concepts.
NOTE: You are not writing an essay on each attack and countermeasure, only a brief
(referenced) description. Your work should be focussed on a diagrammatic representation,
and be as creative (or not) as you wish. The choice of how you present the assignment is up
to you as long as it meets the assignment requirements.

Report    Requirements:

Must Contain

Cover/Title Page
This must contain the unit code and title, assignment title, your name and
student number, due date and the title of your topic.
Table of Contents
This must accurately reflect the content of your report and must be
generated automatically in Microsoft Word with page numbers.
Introduction
Introduce the report, define its scope and state any assumptions. Use intext references where appropriate.
Main content
Address the task as above. The diagram and associated text must
demonstrate recent research and application to the context provided. You
should calculate the risks associated with the technology. The diagram and
2

text must be logically structured and you are required to include
appropriate referencing (in-text and end-text references) to support your
argument throughout the entire report. All attacks, countermeasures, ideas,
and recommendations should be backed up with references. References
should predominantly include books, journal articles, and conference
papers as these have been peer reviewed prior to publication.
References
A list of end-text references formatted according to the ECU requirements
using the APA format. It is recommended that Endnote is used to manage
references. Your references should ideally comprise of books, journal
articles, and conference papers.
Format
This report should be no more than 2,000 words (excluding references and
diagrams) and labelled as <CSI2102_your studentid_your
studentlastname_studentfirstname>.docx and should be in a single file.
Your assignments must be word-processed and the diagrams be
developed using graphics software (most word-processors provide this
facility). The text must be no smaller than 12pt and font Times New
Roman

Late submission:
Edith Cowan University penalties (ECU Admission, Enrolment and Academic Progress, Rule
39, subrule 5) for late submission may be applied. (5) Subject to subrule (6), an assignment
submitted after the fixed or extended time for submission shall incur a penalty to be
calculated as follows: (a) where the assignment is submitted not more than one week late, the
penalty shall, for each working day that it is late, be 5% of the maximum assessment
available for the assignment; or (b) where the assignment is submitted more than one week
late, a mark of zero shall be awarded.

Academic Misconduct (Including Plagiarism):
Edith Cowan University regards academic misconduct of any form as unacceptable.
Academic misconduct, which includes but is not limited to, plagiarism; unauthorised
collaboration; cheating in examinations; theft of others students work; collusion; inadequate
and incorrect referencing; will be dealt with in accordance with the ECU Rule 40 Academic
Misconduct (including Plagiarism) Policy.