Read the following case study and then answer the questions that follow. Be sure to directly relate your answers to the specific details given in the case study. You are asked to produce a written report. It is vital that in the composition of this report, you supplement any arguments you make with appropriate references. PLAGIARISM WILL BE HEAVILY PENALISED. Please don’t waste your time and ours by copying from books or the Internet – it is invariably detected.
Make sure you provide a full and comprehensive list of references.
CYBER SECURITY CASE STUDY – INDIVIDUAL REPORT
As a cyber-security analyst, you have been assigned a task to carry out a security analysis of a real company’s website, which is dynamic in nature and data driven. The website is user-friendly and accessible, and the front end is designed to enhance users’ experience, allowing customers to input queries to find relevant information from the backend NoSQL database attached to it. Your role is to assess any possible security vulnerabilities of the system to ensure that it is fully compliant with the regulatory requirements (please refer to ISO 27001) and also to provide a set of technical recommendations which can minimise security risks.
Secure4U is an online cloud-based file sharing facility offering a variety of free and pay-per-use services to customers across the UK. Its website has been achieving an ever-increasing level of visits that are being converted into a record number of members over the last three years. With as many as 1,000 new members per month using their platform, a record 50 million files have been uploaded in 2019 (desktop and mobile). Enquiries from new members to the company have increased by 25% to 3 million during the year, and Secure4U’s popularity among consumers was highlighted when it was identified by search engines as the most searched-for business in the UK in 2019. Growth has continued and traffic now averages 500,000 views per day, and 250,000 visits in July have resulted in a record 100,000 new potential customers in the month. The Secure4U customer base grew 8% during the year to a record high of 1,000,000.
Keeping Customer Data Secure
The Operations team at Secure4U is responsible for providing the technical infrastructure that supports the growing file-sharing requirements, helping to ensure that it continues to be the best in the UK. As such, the emphasis is on maintaining a high-performance, resilient and secure environment that gives customers a first-rate service. A top priority is having the right security in place to protect customer data and to preserve Secure4U’s trustworthy reputation. Keeping the file-sharing website secure has always been an essential requirement and, to safeguard the website, Secure4U has regularly conducted penetration testing by external consultants. The Operations Manager explains, “As we have an increasingly agile development process, we wanted to add another level of protection that would monitor our security posture continuously and feed actionable intelligence into our security infrastructure and our development lifecycle. This will help us to meet our operational goals as well as deliver additional value to the business.”
As a cyber-security analyst, you will provide suggestions to the senior management of the business to protect the confidentiality, integrity and availability of this website, which could be compromised as a result of any cyber-attack in the form of cross-site scripting, injection flaws and any other possible threats.
Quality of ideas, evidence of literature review, demonstration of up-to-date knowledge, together with appropriate comprehensive referencing is of more importance than the precise length of submission. The ability to critically analyse a case study and/or setting and the ability to apply knowledge so as to identify solutions to potential problems are essential. Length of submission should be 1500 words.
You are required to copy the questions given below and provide the answers in your report ONLY! No need for additional text or reproduction of the case study in your final report.
Further Guidance: [100 marks available/pass mark = 40]
The dangers of getting the balance right as between security, easy access and reduction of risk in business contexts of use are to be the main focus of your response to the following tasks. All arguments presented are expected to be supported by evidence. You should answer each question in the order given below. Full citations (referencing) are needed for any information sources you identify.
a) In order to implement a few immediate measures to effect positive changes, what recommendations should cyber security professionals follow? Discuss all available frameworks, legislation and regulatory requirements on which information security professionals can base their proposal(s). [750 words]
b) Critically discuss long-term initiatives to encourage positive change with regard to assessing security risk and maintaining privacy in a corporate environment. What kind of security risk assessment methodologies can be identified for better mapping of the threat landscape? Provide a detailed comparison of these methodologies with clear links to the case study. [750 words]