Rationale This assessment task will assess the following learning outcome/s: be able to explore fundamental cyber security principles and identify key cyber security components for an IT network. be able to justify an appropriate set of security policies for an organisation, and to ensure policy compliance. be able to analyse the security threats to a network and propose effective countermeasures. be able to design and apply security protection mechanisms, such as authentication and access control. be able to investigate the cause of a security incident, and to respond as appropriate.
This assessment item provides students with the opportunity to consider how they would investigate, analyse and respond appropriately to the threat within a specific context.
Task: After discussions with board of management, they have agreed that technical changes are required to enhance the security posture of CricTech. Based on your evaluation of the contributing factors discussed, and the network diagram, answer the following: 1. Detail, with justification, any technical design changes that you would recommend CricTech implements to better protect against future ransomware attacks.
Tip: Consider how you might move, add to, change or remove components of the IT systems to better protect CricTech, any hardware, or software, changes you think are necessary and the benefits that you believe your suggestions would provide. If you decide to purchase new hardware, or software, you should provide a clear justification for all purchases. While there is no specific budget, consider the stated cost of the cyberattack and the relationship to the average yearly profit, with respect to how much you spend.
2. Describe, with justification, any other security controls or techniques that you consider necessary in enhancing the security of the network against future attacks.
Tip: This question should consider any changes that you consider necessary to augment the technical changes you have suggested in the previous question. These might include further configuration changes, additional supporting policy or procedure or other outsourced arrangements.
Comentários