Background
Apex University is a private higher education institution with over 10,000 students and staff. The university relies heavily on online platforms such as virtual learning environments (VLEs), cloud-based storage, and email services. Recently, the university faced two major incidents: a ransomware attack that temporarily blocked access to the VLE, and a data breach that exposed personal details of students applying for scholarships.
These incidents highlighted the urgent need for stronger cyber security to protect sensitive data (student records, financial information, research data), comply with GDPR, and maintain institutional reputation. Apex University appointed Zenith Solutions to conduct a review of current practices, strengthen its security framework, and implement secure coding measures in its new student portal.
Task 1: Examine Principles of Cyber Security within Organisations and Society (LO1)
Scenario Context: The ransomware attack disrupted online classes for several days. At the same time, a student records breach exposed names, addresses, and financial details of scholarship applicants. The university wants to rebuild student and staff trust and ensure compliance with GDPR and other education data protection laws.
Requirements:
- Describe the role of cyber security principles (Confidentiality, Integrity, Availability, Identification, Authentication, Authorisation, Accountability) within Apex University and society. (P1)
For higher grade:
- Explain how these principles are applied within Apex University (e.g., encrypting student records, using MFA, logging user actions) and their importance to wider society (maintaining trust in digital education). (M1)
- Justify the use of specific principles and technology components (e.g., AES encryption, SIEM, RBAC) by showing how they address Apex’s risks and benefit both the organisation and the public. (D1)
Submission Guidelines: Prepare a report (approximately 1,000 words) addressing the requirements outlined above. Use real-world examples and case studies to support your analysis.
A suggested structure for Task 1:
✔ Introduction
✔ Explanation of principles
✔ Application to Apex
✔ Justification of technologies
✔ Conclusion
✔ References
Task 2: Explore Factors That Contribute to Security Functionality in Cyber Security (LO2)
Scenario Context: Apex currently has outdated antivirus, limited intrusion detection, and weak email filters. A phishing campaign recently compromised a staff account. The university wants stronger security systems and assurance methods.
Requirements:
- Outline the impact of Apex’s current security technology components (firewalls, IDS/IPS, endpoint protection). (P2)
- Describe security assurance methods Apex can apply (penetration testing, vulnerability scans, GDPR audits). (P3)
For higher grade:
- Explain the purpose and application of frameworks (e.g., NIST Cybersecurity Framework, COBIT) for designing better security. (M2)
- Justify why these components and frameworks are essential for Apex’s needs and their societal value (e.g., protecting trust in online learning and personal data security). (D1)
Submission Guidelines: Create a presentation (8–10 slides, around 500 words) in .pptx format that outlines your findings and recommendations. Include diagrams, such as a network topology and data flow diagram, within the 8–10 slides to illustrate your points. Present your work in a clear and professional manner suitable for an executive audience.
Task 3: Apply Programming and Scripting Languages to Design or End User Requirements (LO3)
Scenario Context: Apex is launching a new Student Portal for grades, tuition payments, and resources. The IT manager wants secure authentication and access control built into the system.
Requirements:
- Produce a script in Python or another programming language that meets Apex’s requirements (e.g., password hashing, MFA, RBAC). (P4)
- Explain the variations in coding approach you considered when producing clean and maintainable code (e.g., commenting, modular design, avoiding hard-coded values). (P5)
For higher grade:
- Assess the suitability of the code produced (functionality, efficiency, and security). (M3)
- Evaluate the suitability of the code in terms of end-user requirements, and recommend improvements for security, scalability, and maintainability. (D2)
Note for Task 3.1:
Here the learner has flexibility in how they approach the coding task. They could (at least one of the following must be implemented):
- Implement password hashing using a suitable method (e.g., bcrypt, Argon2, or PBKDF2) to avoid storing plain-text passwords.
- Add a simple Multi-Factor Authentication (MFA) step, such as generating a one-time code (OTP) sent by email, SMS, or displayed in the terminal.
- Design Role-Based Access Control (RBAC), ensuring different user types (e.g., student, lecturer, admin) have different permissions.
- Create a session management system (tokens or session IDs) so logged-in users keep their access until logout.
- Build a logging/audit system to record failed and successful login attempts for accountability.
- Add encryption of sensitive files (e.g., encrypting student results before storage).
- Integrate with a small database (SQLite/MySQL) instead of storing credentials in plain variables.
- Package the solution as a simple web app (Flask/Django) instead of just a command-line tool.
- Add error handling for wrong passwords, expired OTPs, or unauthorised access attempts.
Some may build a simple command-line login system, while others could extend it into a web application or API-based service; both approaches are valid, as long as the solution demonstrates functionality and has a basic level of security.
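A worked example combining several of the options above (password hashing, a one-time code as a second factor, RBAC, session tokens, an audit trail, a small database and error handling), added here for illustration; it is not part of the assignment brief and not code from any Apex University system. It uses only the Python standard library: PBKDF2-HMAC-SHA256 for hashing, an in-memory SQLite database in place of a real user store, and a `now` parameter so that expiry can be exercised deterministically. All usernames, passwords, roles and permissions are constructed sample data, and the one-time code is returned to the caller rather than sent by email or SMS.

```python
"""Student-portal authentication core (added example): PBKDF2 password
hashing, time-limited one-time code, role-based access control, expiring
session tokens and an audit trail. Standard library only; the usernames,
roles and permissions are constructed sample data."""
import hashlib
import hmac
import secrets
import sqlite3
import time
from typing import Optional

# Tunables kept together rather than hard-coded at each use; a deployment
# would load them from configuration.
PBKDF2_ITERATIONS = 600_000     # PBKDF2-HMAC-SHA256 work factor (OWASP 2023 guidance)
OTP_TTL_SECONDS = 120           # one-time code validity window
SESSION_TTL_SECONDS = 30 * 60   # session lifetime

# RBAC: roles map to permissions; code checks permissions, never role names.
ROLE_PERMISSIONS = {
    "student": {"view_own_grades", "pay_tuition"},
    "lecturer": {"view_own_grades", "enter_grades"},
    "admin": {"view_own_grades", "enter_grades", "manage_users"},
}


def hash_password(password: str) -> str:
    """Return a self-describing string: algorithm$iterations$salt$digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Verified against when the username does not exist, so unknown and known
# usernames take the same time and a login failure does not reveal which exist.
DUMMY_HASH = hash_password(secrets.token_hex(16))


class Portal:
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
        self.db.execute("CREATE TABLE audit (username TEXT, event TEXT, ts REAL)")
        self.pending_otps = {}   # username -> (code, expiry)
        self.sessions = {}       # token -> (username, expiry)

    def add_user(self, username: str, password: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.db.execute("INSERT INTO users VALUES (?, ?, ?)",
                        (username, hash_password(password), role))

    def _audit(self, username: str, event: str) -> None:
        self.db.execute("INSERT INTO audit VALUES (?, ?, ?)", (username, event, time.time()))

    def login_step1(self, username: str, password: str, now: Optional[float] = None) -> Optional[str]:
        """Password check; on success issue a one-time code (returned here for the example)."""
        now = time.time() if now is None else now
        row = self.db.execute("SELECT pw_hash FROM users WHERE username = ?", (username,)).fetchone()
        # Always run PBKDF2, against DUMMY_HASH if the user is unknown.
        if not verify_password(password, row[0] if row else DUMMY_HASH) or row is None:
            self._audit(username, "LOGIN_FAIL_PASSWORD")
            return None
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending_otps[username] = (code, now + OTP_TTL_SECONDS)
        self._audit(username, "PASSWORD_OK_OTP_ISSUED")
        return code

    def login_step2(self, username: str, code: str, now: Optional[float] = None) -> Optional[str]:
        """Second factor. A code is single-use (consumed even on a wrong guess) and expires."""
        now = time.time() if now is None else now
        pending = self.pending_otps.pop(username, None)
        if pending is None or now > pending[1] or not hmac.compare_digest(pending[0], code):
            self._audit(username, "LOGIN_FAIL_OTP")
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, now + SESSION_TTL_SECONDS)
        self._audit(username, "LOGIN_SUCCESS")
        return token

    def authorise(self, token: str, permission: str, now: Optional[float] = None) -> bool:
        """True only for a live session whose role grants the permission."""
        now = time.time() if now is None else now
        session = self.sessions.get(token)
        if session is None or now > session[1]:
            self.sessions.pop(token, None)      # drop expired sessions
            return False
        (role,) = self.db.execute("SELECT role FROM users WHERE username = ?", (session[0],)).fetchone()
        allowed = permission in ROLE_PERMISSIONS[role]
        self._audit(session[0], ("ALLOW " if allowed else "DENY ") + permission)
        return allowed

    def audit_log(self) -> list:
        return self.db.execute("SELECT username, event FROM audit ORDER BY rowid").fetchall()
```

Points worth noting in the reflective commentary: the hash string carries its own algorithm, salt and iteration count so the work factor can be raised later without breaking existing users; comparisons use `hmac.compare_digest`; the one-time code is consumed on a failed guess, which limits brute force but also means a mistyped code forces a fresh login. Obvious improvements for the D2 discussion are account lockout or rate limiting on failed attempts, persisting sessions and pending codes in the database rather than in memory, and encrypting the audit table and any stored results.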
Submission Guidelines: Submit the program code or script along with a reflective commentary (approximately 1500 words) that explains your approach to clean coding and assesses the suitability of the code. Additionally, include a section with recommendations for future improvements.