Greenwood Financial Services, a pioneer in digital banking solutions, was established in Manchester on 10th September 2017
2024-08-06 15:00:58
Assessment Brief
*This document is for CU Group students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to engagement@coventry.ac.uk
Assessment Type: Coursework
|
Assessment Number: 1
|
Study Mode: FT
|
Weighting: 40%
|
Submission Date: 12/07/2024
|
Submission Time: 18:00
|
Campus:
CUL /CUS /CUW
|
|
Task:
Introduction:
The purpose of this assignment is to deepen your understanding of information security principles and practices. Information security plays a critical role in safeguarding data from unauthorized access, ensuring its integrity, and maintaining its availability. In this assignment, you will explore various aspects of information security, including risk assessment, security policies, encryption, access control, and incident response.
Assignment Tasks:
Task 1: Discuss various aspects of information security (60% Marks)
- Risk Assessment (20% Marks)
Perform a risk assessment on the organisation in the case study. Identify potential threats, vulnerabilities, and impacts to the organisation`s information assets. Explain how risk assessment assists in determining the appropriate security measures to mitigate these risks.
- Security Policies (15% Marks)
Develop a set of security policies for an organisation to address the following areas:
- Password Management.
- Acceptable Use of IT Resources.
- Data Classification and Handling.
Explain the importance of each policy and discuss how they contribute to protecting the organisation`s information assets.
Discuss the role of encryption in information security. Explain the difference between symmetric and asymmetric encryption algorithms. Provide examples of encryption technologies commonly used in securing data transmission and storage.
- Access Control (15% Marks)
Describe the concept of access control in information security. Differentiate between mandatory access control, discretionary access control, and role-based access control. Discuss the advantages and disadvantages of each access control model. Provide real- world examples of access control mechanisms in practice.
Task 2: penetration testing (40% Marks).
Conduct systems penetration testing against a range of the technologies and systems identified within the organisation referred in the case study using Coventry University applications and to produce a penetration test report using an industry standard.
*NB. Under no circumstances should penetration testing be conducted against any real-world Organisation during your work. This activity is illegal and will lead to disciplinary action also potentially lead to prosecution.
Case Description
Greenwood Financial Services, a pioneer in digital banking solutions, was established in Manchester on 10th September 2017. This institution mainly caters to businesses looking for online financial transaction solutions amidst the global push for digitisation. Located in the heart of Manchester, their headquarters manages over 1 million online transactions daily.
The IT framework of Greenwood is diverse and robust. They utilise a mix of Windows Server 2016 and 2019; Windows Workstations 10; and Linux-based computing solutions. A few critical financial software still operates on older Windows 7 platforms, making them indispensable for certain operations.
Their digital platform allows businesses to access account details, make online payments, request loans, and manage various financial products. This online portal is crucial for Greenwood`s reputation and seamless business operations. Their client base includes both local small-scale businesses and multinational corporations. Each business client has unique login credentials to access Greenwood`s online services.
The core of their data storage and retrieval system is built on Linux-based Oracle database servers, Tomcat application servers, and a dedicated application server for Employees` in-house use. The authentication mechanism is built around the Java Enterprise Connector Architecture, encompassing components such as active directories, web servers, and SQL databases. These individual connections, referred to as realms, play a pivotal role in ensuring data integrity and security.
Maintaining the confidentiality of business transactions and the personal information of clients is paramount for Greenwood. They have to adhere strictly to the Financial Conduct Authority (FCA) regulations and the General Data Protection Regulation (GDPR).
Greenwood`s intricate infrastructure is powered by a state-of-the-art local area network spanning their entire building. Partnering institutions such as loan providers and credit scoring agencies in the Manchester region, are also granted access to specific data sets. They connect via Greenwood`s secure online portal, ensuring a holistic financial service ecosystem for all users
Completion of this assessment will address the following learning outcomes:
|
1
|
Describe the fundamental concepts associated with the digital security landscape including risks, threats, attacks, adversaries and security requirements, and in relation
to the confidentiality-integrity-availability (CIA) triangle.
|
2
|
Discuss the different technologies that constitute the security mechanisms at various
levels in a digitally networked environment.
|
5
|
Perform penetration tests to expose the vulnerabilities of a system
|
Submission Guidelines
There should be a title page which clearly identifies the following:
* Name and code of the module
* Title of the Assessment
* Assessment number
* Word count
The word count identified includes quotations and citations. However, it does exclude the list of references and/or the bibliography and, unless specifically stated, encompasses a discrepancy of + or – 10%.
There will be a penalty of a deduction of 10% of the mark (after internal moderation) for work exceeding the word limit by 10% or more.
Late Submission
If you are not able to complete your coursework on time due to extenuating circumstances*, the ONLY way to receive an extension (up to 5 working days) or a deferral (anything longer than 5 working days) is to apply using the online portal where you will also be able to find more information about extensions and deferrals any evidence required.
Extenuating circumstances are defined by CU as ‘genuine circumstances beyond your control or ability to foresee, and which seriously impair your assessed work’. Please note that you will need to provide third party evidence to support your reasoning for requiring an extension or deferral. Your course tutor is NOT able to approve an extension or a deferral. If you have not completed the official forms, your work will count as not submitted and receive a zero mark.
Guidance Notes and Considerations
Referencing
- Access, Foundation and Undergraduate:
- You should use APA 7th edition style of referencing.
- Referencing guidance can be accessed on the Library’s LibGuides pages.
Law:
- You should use OSCOLA referencing.
- Referencing guidance can be accessed on the Library’s LibGuides pages.
Retakes or deferrals where CU Harvard referencing was previously used:
- If you have previously used the CU Harvard style of referencing, you can continue to use this until you graduate.
- Although you can choose to make the switch to APA at any time, you must use a single consistent style of referencing within each assessment
- Referencing guidance can be accessed on the Library’s LibGuides pages.
Use of Sources and Information:
You can access high quality, authoritative information via the library. Use LibGuides to access Locate, BibliU and research guidance.
Academic Writing Resources
There are a variety of academic writing resources available which can be accessed via LibGuides. These writing guides can help with different types of assessment as well as important writing skills needed for university.
Glossary of Assessment Terms for Assessment Writing – this is an a-z that covers the majority of terms used in assessment briefs, learning outcomes and feedback throughout the CU Group. If you would like any further support with your assessment, you can contact your Academic Writing Developer or visit the Academic Writing LibGuides page.
If you would like to book an Academic Writing appointment for support with your assessment, you can contact your Writing Developers:
CUC: learningservices.cuc@coventry.ac.uk CUS: academicskills.cus@coventry.ac.uk
CUL Dagenham: academicwritingservice.cul@coventry.ac.uk CUL Greenwich: awsgreenwich.cul@coventry.ac.uk
Academic Integrity Guidance
The best way to avoid academic misconduct is to follow appropriate academic and referencing conventions. Further guidance on academic integrity and conduct can be found using LibGuides.
Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the Academic Conduct Panel. This applies to all coursework and exam answers. If you would like more guidance on understanding collusion, you can find it on LibGuides.
If an assessment suspected of involving a breach of academic integrity is found to display a marked difference in writing style, knowledge and skill level from that demonstrated elsewhere on the course, you may be required to undertake a Viva Voce in order to prove the coursework assessment is entirely your own work.
Proofreading of assessments by CU approved proof-readers is permitted. There is a list of approved proof readers along with guidelines for use. However, please remember that proofreading is a lengthy and detailed process for which there is a cost. If you decide to use a proof-reader, please take this into account and contact them at least 10 days in advance of your assessment deadline.
You must not submit work for an assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, unless this is specifically provided for in your assessment brief or specific course or module information.
It is important to realise that as a student you should not submit all or part of an assessment for which you have already received academic credit, to be used for an assessment in a different module. Reusing your own work in this way is called self-plagiarism. Where you wish to refer to some of your own work you must reference it in the same way that you reference work by other people.
70-79%
1st
|
|
1st - Excellent work with clear evidence of understanding, creativity and critical/analytical skills. Thorough research
well beyond the minimum recommended using methodologies beyond the usual range. Excellent understanding of knowledge and subject-specific theories with evidence of considerable originality and autonomy.
Excellent ability to apply learning resources. Demonstrates consistent, coherent substantiated argument and interpretation. Demonstrates considerable creativity and clear problem-solving skills. Assessment completed with accuracy, proficiency, and considerable autonomy. Excellent communication and expression, some evidence of professional skill set. Student evidences deployment of a highly developed range of technical and/or artistic skills.
|
60-69%
|
2:1 - Very good work demonstrating strong understanding of theories, concepts and issues with clear critical analysis. Thorough research, using established methodologies accurately, beyond the recommended minimum with little, if
|
Uncontrolled when printed V1.0 November 2023
3rd Class
|
|
Basic ability to apply learning resources. Demonstrates ability to devise and sustain an argument. Demonstrates some originality, creativity and problem-solving skills but with inconsistencies. Expression and presentation sufficient for accuracy and proficiency. Sufficient communication and expression with basic professional skill set. Student demonstrates technical and/or artistic skills.
|
30-39%
Fail
|
Fails to achieve learning outcomes
|
Fail – Very limited understanding of relevant theories, concepts and. Little evidence of research and use of established methodologies. Some relevant material will be present. Deficiencies evident in analysis. Fundamental errors and some misunderstanding likely to be present.
Limited ability to apply learning resources. Student’s arguments are weak and poorly constructed. Very limited originality, creativity, and struggles with problem-solving skills. Expression and presentation insufficient for accuracy
|
Uncontrolled when printed V1.0 November 2023
100% Plagiarism Free & Custom Written, Tailored to your instructions