COMP1608 Managing IT Security and Risk University of Greenwich
| Category | Assignment | Subject | Computer Science |
|---|---|---|---|
| University | University of Greenwich | Module Title | Managing IT Security and Risk |
Learning Outcomes
A. Understand and evaluate security threats and its impact on business environments.
B. Demonstrate an understanding of risk evaluation and risk control techniques.
C. Formulate critically evaluated proposals to implement security and risk control strategy to solve problems within an organisation.
Overview
In this coursework, you will work on a scenario relating to a multinational company (MegaCorp) with a strong online presence. This is a medium-large sized company employing 1550 staff across their four branches (London, Manchester, Rome and Singapore). They have grown from a British start-up to a globally renowned end-to-end tech platform specialising in taking brands direct to consumers worldwide, through their own technology platform. Food supplements, nutrition and beauty are the domains they focus on.
Scenario key information
A new CSO (VP of Security) has been appointed (that is YOU – you have this role!) You have just been hired by this company and you need to review the information provided so that you can help them improve their security posture.
Study the provided information provided as part of the scenario next relating to their IT infrastructure, their organisation etc. and suggest any improvements you can consider based on what we have covered in the course.
Task 1
Based on the key information provided, identify and critically discuss two key recommendations for improving the security posture on this company. You might find there are a lot more opportunities for improvement of the overall security posture of this company, however you should select the two that you consider will make the greatest impact. You might want to consider in terms of Change control, Compliance, Cost, Continuity, and Coverage mission Critical Assets (e.g. Data Security, Endpoint Security, Application Security, Network Security, Perimeter Security and the Human Layer).
Task 2
Following from Task 1, create a realistic* plan, with five recommendations for improving the security posture on this company. This can be a list with recommendations in the order that will make it easier to implement and tasks for each of these. E.g. Recommendation 1. To improve WiFi coverage. Responsible team: IT Networks. Tasks: Buy drones, fit routers on the drones, have drones flying over the premises to provide good WiFi coverage.
Task 3
Conduct your own research and identify ten security threats that are on the rise in 2024 that are relevant to this organisation based on what it was covered in class about common threats. Perform basic risk analysis (how each of these risks might affect the business operations?) and order based on their criticality. Do not just list! Each of these threats must be briefly explained in plain English (in general what is it, how does it usually work, what can be affected within a business unit or system etc.)