Online Learning Environment Security

For Assignment 1 you will need to analyse an application scenario and develop a security plan. You must work in a group of 2 – 3 members.

This document includes the instructions and background information:

  • The application scenario is described in ‘Scenario: Online Learning Environment Security’.
  • The template for the Security Plan you need to develop is given in ‘IT Security Plan Template’. You must use this template for your submission.
  • Some ideas to guide you in developing your Security Plan are provided in ‘Security Plan Ideas’.

Submission Instructions:

Please read the following instructions carefully:

ONE student in each group must submit TWO PDF copies of the report (It does not matter which student of the group uploads the submission):

  • One copy with the Revision History (using the table below) submitted via the Assignment 1 Submission point on Learning@Griffith. This is for INSTRUCTORS to provide official marks and feedback. Enter the names and snumbers of the team members in the submission comments field.
  • One copy without the Revision History submitted via the Submission for Peer Review on Learning@Griffith. This is for your CLASSMATES to conduct a peer review, so please make sure your submission is ANONYMOUS (i.e., the names of the group members are not mentioned).

Revision History

Outline the development history of the plan, including the dates, contributors, and a summary of changes.

Date of Change | Contributor | Summary of Change

For 7623ICT Students: You will need to develop an IT Security Plan Review Report after the peer review process in Week 8. This is an individual task and worth 5%. Please submit your Review Report on Learning@Griffith using the Review Report Submission point. You will receive further instructions in the Week 8 lab.

Scenario: Online Learning Environment Security

Remarkable University is developing a new online learning platform. The platform integrates both existing and newly developed systems, and it needs to be developed to ensure that it is fit for purpose as well as secure from identified threats.

The online learning platform includes the following core components:

  • a learning management system (LMS) that supports online classes and discussions for instructors and students;
  • front-end web/application servers which are used by students, academics and administrative staff;
  • databases which hold course data, student data, and the digital library;
  • network channels and facilities.

The platform will need to be built and managed to ensure that the servers are deployed securely and remain secured against common automated and simple manual attacks. Dedicated, targeted attacks are difficult to protect against; however, simple measures can be taken to protect against most automated attacks. Identified threats against the platform include (but are not limited to):

  • Data hacking/modification, e.g., unauthorised access to personal information.
  • Denial of Service (DoS) attacks
  • Malicious code such as worms
  • Automated scanning and exploit tools
  • Phishing attempts

The online learning environment needs to remain secured, use appropriate access controls, enforce least privilege, and ensure that information flowing to and from the platform is protected. New software needs to be developed in a secure manner and be protected against common attacks, and the databases need to be protected against common automated attacks and use appropriate access controls.

IT Security Plan Template

  1. Introduction

Outline the importance of the plan and its relationship with the organisation’s Security Policy. This section should also address the organisational risk profile.

  2. Key IT Assets

This section should establish relevant and key IT assets with justifications on the claims, and classify them as Hardware, Software, Data, or Communication Facilities and Networks.

  3. Risk Assessment

This provides a summary and analysis of the risk assessment.

Identify risks (i.e., threats and vulnerabilities) to key assets, by considering the confidentiality, integrity, and availability of those key assets. Classify and explain the identified risks according to the four security areas: User Authentication and Access Control, Software Security, Web and Network Security, and System and Other Security.

Analyse each of those risks (likelihood, consequence, and level of risk), provide justifications for your ratings, and summarise your findings in a Risk Register in the following table:

Asset | Threat/Vulnerability | Likelihood | Consequence | Level of Risk | Risk Priority

  4. Security Strategies

This section should outline security strategies and recommended controls for each of the identified risks in the above section. Classify and explain the controls according to the four security areas: User Authentication and Access Control, Software Security, Web and Network Security, and System and Other Security.

Analyse the estimated cost/benefit of each control recommended and provide justifications for your claims. Summarise your recommendations in a security Implementation Plan as below:

Risk (Asset/Threat) | Level of Risk | Recommended Controls | Selected Controls

  5. Implementation

Discuss the residual risks, i.e., those that remain after all possible (cost-effective) mitigation or treatment of risks. Outline the recommended maintenance of the security mechanism and training for the relevant personnel.

Security Plan Ideas

User Authentication and Access Controls

Describe mechanisms to be used for IT system user authentication by the organization. Given the outcomes of the risk assessment, you should identify whether these mechanisms would be an appropriate control to improve its security posture.

You should also describe the categorization of users into groups that may then be used for access control decisions to IT resources. Describe the access control mechanism in detail. This can be described on the level of application or database access control, i.e., restriction of certain aspects of the application (e.g., admin functionality) or of certain pieces of data (e.g., sensitive and confidential data).

Server Security

Describe the management and security configuration of key servers for the organization. Detail the server’s security requirements, identifying:

  • what information it contains, and how sensitive that information is
  • what applications it runs, how they manipulate the information stored, and how critical their availability is
  • who has access to the system, and what type of access they have
  • who has administrative access to the system, and how this is controlled
  • what change management procedures are used to manage its configuration

You can also detail its basic operating system and patching process to provide a suitable level of security on this server. You can research ways of hardening the O/S, as well as key applications used, to suit the server’s security requirements.

Software Security

Describe whether the organization uses critical software which is exposed to possible external attacks, such as software running on an externally visible web server to handle responses to forms or other dynamic data handling.

Network Perimeter Security

Describe the organization’s network perimeter security arrangements, that is, their use of firewalls, intrusion detection/prevention systems etc. You can describe what access policy is being used for network traffic, detailing the network services allowed to or across the network perimeter.

You should then suggest appropriate firewall settings (e.g., inbound and outbound), with details justifying their selection.

End User PC Security

Given the known problems with the import of malware onto client PCs or workstations, you can describe mechanisms to be used to configure and update such systems in the organization, and identify any anti-virus, anti-spyware, and personal firewall products to be used. Suggest whether you believe the current mechanisms should be improved, stating your reasons.

Security Policy (Optional)

You can review the current organizational security policy. Indicate whether there are any areas not covered in the existing policy that you believe ought to be.

Reference

[1] Griffith Online: https://www.griffith.edu.au/life-at-griffith/online

[2] Griffith Information Security Policy: http://policies.griffith.edu.au/pdf/Information Security Policy.pdf

[3] Griffith Information Security Procedure: https://policies.griffith.edu.au/pdf/Information Security Procedure.pdf
