CO4512 Information Security Management - Computer Science Assignment Help

Exam: Coursework Weighting:    50:50

Learning outcomes assessed by this exam:

1. Select and use applicable standards and methods for information security and risk management.
2. Compare and critically evaluate alternatives for information security management and risk assessment.

3. Critically discuss benefits and pitfalls of compliance in respect to security.

Examination Paper Structure

This examination paper is divided into 2 sections.

There are 4 questions in total.

There are Appendix A.

The mark obtainable for a question or part of a question is shown in brackets alongside the question.

Students to Be Provided With:

1 answer book

Instructions to Students:

The time allowed to complete this examination is 90 Minutes.

Answer the Question 1 from Section A (40% of the mark), and any two questions from Section B (60% of the mark).

Date:                                                                                      Time: 1.5 hours

UCLan Venue: Campus: Main Campus

Section A – Answer ALL Questions

Question 1

1. List the types of assets and provide the definition of each type.

(8 marks)

1. Explain main things that should be considered when defining narrow ISMS scope.

(8 marks)

1. Explain main disadvantages of ISO 27005 standard

(8 marks)

1. Explain the steps of defining ISMS scope.

(8 marks)

1. Explain the risk treatment process

(8 marks)

(Total: 40 marks)

Section B – Answer any TWO Questions

The answers of the following questions should be made in relevance to the given diagram in APPENDIX A

Question 2

1. Explain risk identification and risk analysis, risk evaluation, and risk treatment.

(15 marks)

1. List and justify two primary and three secondary assets from the scenario in Appendix A.

(15 marks)

 (Total: 30 marks)

Question 3

1. Explain main advantages of NIST SP800-30

(10 marks)

1. List Explain main disadvantages of NIST SP800-30

 (10 marks)

1. Explain main advantages of ISO 27005 standard

(10 marks)

(Total: 30 marks)

Question 4

1. Explain risk evaluation process

(15 marks)

1. Explain risk assessment and preparation (15 marks)

(Total: 30 marks)

APPENDIX A

The XYZRE scenario (note: this scenario is completely fictitious).

XYZRE is a new real estate agency in Preston, and its current IT infrastructure is depicted in Figure 1.      

Figure 1. The IT infrastructure of XYZRE

The IT infrastructure comprising

• Office personal computers (PCs) running Windows XP for employees;
• A machine running SQL server, which stores all information about customers and real estates;
• A machine running a mail server and stores all emails and attached files.
• A machine running an IIS web server[1] hosting the website of XYZRE on which users can browse for real estates, register themselves and contact the employees;
• All the servers and office PCs are connected to a network switch so that they can communicate with each other. The router serves as a gateway between the internal network and the internet.

After some attack incidents and financial loss, the agency realized that it should carry out a risk assessment and improve its IT infrastructure with security controls.   

[1] Internet Information Services (IIS, formerly Internet Information Server) is an extensible web server created by Microsoft.