CSI3350 Enterprise Security and Governance

Assignment: Case Study Assignment

Brief

Based on the scenario given below, you will have to investigate the key cyber loopholes and why the organization is lagging behind in appropriate risk assessment. Next, you need to investigate the root causes of the incidents and advise appropriate solutions for the identified gaps in the organization.

Organization Profile

The imaginary organization is a hospitality service provider, e.g. a hotel located in Perth CBD. It is one of the most popular hotels in Perth and has a huge customer base. The hotel has more than 1000 full time employees as the service is 24/7. Each of the employees has a unique ID card with RFID tags that also serves as an access swipe card. Based on their job description, the employees have different access privileges. Not all the employees have access to a computing device while at work; however, they are entitled to free Wi-Fi on premise.

The IT department of the hotel is comparatively small. It has a head of IT and a couple of analysts looking after the databases, day to day operations and network infrastructure. The website of the hotel was developed by a contractor a few years ago and has not been updated since 2015. There is no IT or cyber awareness training culture at the moment.

Recent Incidents

- An employee recently clicked on a lottery offer link while using the hotel Wi-Fi network on his mobile phone during a break. He could not find anything at the link, but his phone has been overheating since then and its battery drains much faster. Within a few days, other hotel employees started receiving spam texts from that employee.
- One of the IT analysts has been experiencing heavy web traffic on the hotel website from a country far away from Australia. He thought it might be due to the popularity of their hotel. Within the next few days, the hotel website was down for 6 hours and could not recover as there was no backup site. The hotel lost more than $25,000 because the site was down.
- One of the data analysts, who keeps track of predictive analytics and business intelligence, recently experienced some abnormal data. For example, the customer address details appear to be the same for a lot of different customers. He kept on checking but could not find any legitimate answer for such abnormal activity. He tracked down the logs but could not find anything anomalous.

Your Task

The hotel owner has employed you as a Cyber Security Consultant and asked you to thoroughly analyse the security issues based on the recent events. After analysing and investigating the incidents, you should prepare a report that clarifies the root cause of these incidents along with your proposed solutions based on best practices in the industry. In particular, your investigation report from this case study will include, but is not limited to, the following:

- Executive Summary (suitable for the non-technical audience)
- Thorough analysis and explanation of the incidents, i.e. how and why they occurred in the first place.
- A sustainable solution for all the identified issues based on state-of-the-art practices.
- Governance practice to defend cyber incidents.
- A risk assessment plan
- An incident management plan

Word Limit: 3000 words (excluding cover page, references, tables, figures, appendix etc. 10% +/- acceptable)

Marking Criteria

This assignment is worth a total of 40 marks, which are distributed as shown in the table below. When marking your work, the depth of research, coherency of argument and quality of writing will be considered as the primary requirements.
Criteria, marks and performance levels (Unsatisfactory / Satisfactory / Good / Excellent)

Criterion: Executive Summary
Marks: 5
  Unsatisfactory (0-2): No executive summary or executive summary does not meet requirements for an executive summary (e.g. introduction only)
  Satisfactory (2.5-3): Satisfactory executive summary included, with some aspects of the report left out
  Good (3.5-4): Good executive summary included, with only a minor aspect of the report overlooked or minor unnecessary information included
  Excellent (4-5): Excellent executive summary included, with all aspects of the report covered and no unnecessary information included

Criterion: Identifies an appropriate Enterprise Security & Governance issue:
  - An issue that could realistically impact the operations of an enterprise.
  - Defines and frames the issue clearly.
Marks: 5
  Unsatisfactory (0-2): The issue is not clearly identified or placed in context OR the issue will not realistically impact the operations of the organisation
  Satisfactory (2.5-3): The identified issue can realistically impact the organisation but is not clearly defined or placed in the context of the organisation
  Good (3.5-4): The identified issue can realistically impact the organisation and is clearly defined but can be better related to the organisational context
  Excellent (4-5): The identified issue is highly likely to impact the organisation and is clearly defined and related to the context of the relevant organisation

Criterion: Thoroughly analyses the issue:
  - Provides a thorough background analysis of the issue
  - Provides a thorough analysis of current industry practice
Marks: 10
  Unsatisfactory (0-4): The background to the issue is poorly analysed AND/OR there is little or no analysis of current industry practice
  Satisfactory (5-6): The background to the issue is reasonably well analysed with some analysis of current industry practice
  Good (7-8): The background to the issue is well analysed with good analysis of current industry practice although some aspects can receive more attention
  Excellent (8.5-10): The background to the issue is thoroughly analysed and clearly related to a thorough analysis of current industry practice

Criterion: Provides clear and relevant professional advice:
  - Advice based on analysis and industry best practice
Marks: 10
  Unsatisfactory (0-4): The advice provided is not clear or relevant and/or does not relate to the analysis or industry best practice
  Satisfactory (5-6): The advice is generally clear and relevant and links overall to the analysis and industry best practice although this can be related more clearly
  Good (7-8): The advice is clear and relevant and based on analysis of industry best practice although minor aspects can receive more attention or be more clearly set out
  Excellent (8.5-10): The advice is clear, relevant and professional and clearly based on a thorough analysis of industry best practice

Criterion: Written clearly and presented professionally:
Marks: 7
  Unsatisfactory (0-3): Unprofessional writing and difficult to keep track.
  Satisfactory (3.5-4.5): Professional presentation, however, lacks coherence
  Good (5.5-6.5): Professional presentation and easy to follow.
  Excellent (7): Excellent demonstration of professional writing.

Criterion: Cites appropriately:
  - Cites widely from peer review sources
  - Uses citations in context to support their argument.
  - Cites sources in the correct format according to university policy*
Marks: 3
  Unsatisfactory (0-.5): Citations are from a limited number of sources AND/OR Sources are not peer reviewed AND/OR No in-text citations to support arguments AND/OR Sources are not cited in the correct APA format
  Satisfactory (1.5): Citations are drawn from peer reviewed sources AND Uses some in-text citations to support arguments AND Most sources are formatted correctly in APA style
  Good (2): Citations are drawn from a fairly wide range of peer reviewed sources AND In-text citations are used to support most arguments AND All sources are formatted correctly
  Excellent (3): Citations are drawn from a wide range of peer reviewed sources AND In-text citations are used to support all arguments AND All sources are formatted correctly

All work submitted must comply with ECU referencing and academic misconduct policies
