LO1: Critically evaluate and assess data security risk within an organization/systems.
2024-12-18 15:06:46
ASSESSMENT BRIEF
L7 Data Security
Key Details and Requirements
Submission deadline: Tuesday 04 February 2025, no later than 16:30pm (UK local time)
Learning outcomes:
- LO1: Critically evaluate and assess data security risk within an organization/systems.
- LO2: Identify and recommend decisive actions to bridge security gaps and improve security.
- LO3: Develop fundamental software considering data security risks.
- LO4: Critically evaluate information security concepts for secure data storage using programming.
Assessment details: Individual Portfolio (tasks and activities accumulated over the semester), 100% (equivalent to 2,500 words).Portfolio should be written in PebblePad Referencing: Students are expected to use Harvard Referencing throughout their assignments where required. Please follow the Harvard Referencing Handbook for all your assignments at the ULBS.
Submission Method: Turnitin - Your work will be put through Turnitin. All submissions will be electronically checked for plagiarism and the use of AI software. You have the option to upload your work ahead of the deadline, more than once. ULBS will be reviewing your last submission only. You can only upload one file. For example if your work contains a word document and power point slides/Excel spreadsheet you will need to copy your slides/spreadsheet into the word document.
Note: Keep in mind that self-plagiarism (when you reuse your own specific wording and ideas from work that you have previously submitted without referencing yourself) is also a form of plagiarism and is not allowed.
ASSIGNMENT DETAILS
Scenario:
eSecureFin Limited is a rapidly growing financial services company that offers a range of financial products, including loans, investment management, and insurance services. With its expanding client base, eSecureFin Limited collects and manages a significant volume of sensitive personal and financial data,including social security numbers, credit card information, and financial transaction records.
Over the past year, eSecureFin Limited has faced several security incidents that have raised serious concerns about its data security measures. These incidents include but not limited to:
- Data Breach: Unauthorized access to the company’s database resulted in the exposure of thousands of clients’ personal information.
- Phishing Attacks: Employees received fraudulent emails that led to compromised credentials and unauthorized system access.
- Insider Threat: A former employee used their access privileges to steal sensitive data before leaving the company.
eSecureFin Limited’s current data security measures are outdated and insufficient to handle the increasing threats. Key challenges include: Inadequate Encryption, Weak access control, lack of monitoring, insufficient employee training.
You have been hired as a data security consultant for eSecureFin Limited. Knowing the history of recent incidents your task is to assess the current data security measures, identify gaps, and develop a Python-based solution to enhance the company’s data security.
Assessment Description:
The work will be marked out of 100 in line with the University’s marking grades and according to the following assessment descriptions.
Task 1: Critically evaluate and assess data security risks within eSecureFin Limited’s current systems. (LO 1, LO 4) | Unit 1 - 2
- Briefly introduce the given scenario and identify its data handling practices.
- Critically analyse and evaluate the potential security risks based on recent incidents.
- Critically analyse the current security practices with existing security measures and their effectiveness.
Task 2: Identify and recommend decisive actions to bridge security gaps and improve security considering eSecureFin Limited’s current situation. (LO 2) | Unit 3 - 4
- Identify and address security gaps, and implement improvements for the given scenario, based on the CIA Triad principles.
- Evaluate and apply the most common cybersecurity frameworks to protect computers against both internal and external threat actors
- Explain the rationale behind selecting a specific framework for the given scenario.
Task 3: Develop a Python application that addresses identified security risks and ensures secure data processing and storage for eSecureFin Limited. (LO 3, LO 4.) | Unit 5 - 7
- Design and implementation of a Python application that includes:
- Secure data input and output handling (e.g., sanitizing inputs, validating data).
- Introduction code for cryptography
- Encryption and decryption mechanisms to protect data at rest and in transit.
- Implementation of MFA (Multifactor authentication).
- Including comprehensive comments in the code is a best practice. Briefly discuss and assess how implementation snippets can be used to enhance understanding and reproducibility for eSecureFin Limited.
Task 4: Critically evaluate information security concepts for secure data storage using programming in the scope of eSecureFin Limited. (LO4) | Unit 7 - 9
- Critically evaluate the strengths and weaknesses of each encryption method used in task 3.1.b, in terms of security, performance, and suitability of the data.
- Evaluate the security of MFA that you have implemented in Task 3.1.d, by identifying potential vulnerabilities and suggesting improvements.
- Provide appropriate recommendations based on the given scenario for maintaining ethical standards in data security.
Task 5: Summary Report
Once you have completed individual tasks, you should write a summary report (maximum approx. 1000 - 1500 – keep in mind you have already written a brief analysis per entry, with academic referencing). This summary report serves as a platform for you to articulate and describe the key learnings derived from each task. It is an opportunity to synthesise insights, providing an overview of the knowledge and understanding acquired throughout the completion of the assigned tasks.
Portfolio instructions:
- Any write-up in the Portfolio should be written in PebblePad with font size 11, single spacing.
- With each entry (item/artefact) you put in your portfolio, you should write a brief summary of why you have chosen this particular item/artefact and how it links to that particular section. You should then analyse it in accordance with the tasks as they are laid out in the instructions above.
- Proper citations are essential. All tasks require referencing academic and other sources, listed in a Harvard Referencing style, present a reference list at the end of the Portfolio. Whenever you use external sources (pictures, definitions, line of argumentation), clearly state this at the of the sentence or paragraph by providing a reference to the original article using Harvard Referencing style.
100% Plagiarism Free & Custom Written, Tailored to your instructions