Add to collection(s) Add to saved
  1. Social Science
  2. Psychology
  3. Conformity

SHIS-ws1

advertisement 
School of Computer and Information Science
Secure and High Integrity System
(INFT 3002)
Workshop 1
Tutor: William Yeoh
gingsun.yeoh@UniSA.edu.au
Workshop 1: Outline




Group project details
Harvard referencing
Hints on Q1 & Q2
Group discussion
Group project details





Form a group of 3 by Wednesday (18 Sept)
Report due on 7 November, 5pm (Friday)
You must pass this assessment to pass the course
3000-5000 words
You may decide the company’s name, location
(not necessary Australia), etc.
Harvard referencing (author-date system)
Book
 Watt, J., Mizuno, B., & Lee, H., 1999, Data on the web:
from relations to semistructured data and XML, Prentice
Hall, San Francisco.

Networking essentials plus, 2000, 3rd edn, Wiley Press,
Washington.
Journal
• Middleton, A., 2002, ‘Who needs a killer application’,
Journal of research in IT , vol. 41, no. 12, pp. 28-29.
Harvard referencing (author-date system)
Websites

Alcohol and Drug Studies, 1998, viewed 15 Sept. 2003,
<http://www.mindef.org/reports/drug.pdf>
• COA (Commonwealth of Australia), 1994, Creative Nation:
Commonwealth Cultural Policy, October 1994, viewed 15 Jan.
2003,
<http://www.nla.gov.au/creative.nation/preamble.html>
• Thomas, S 1997, ‘Guide to personal efficiency’,
Adelaide University, viewed 14 Nov. 2002,
<http://library.unisa.edu.au/~sthomas/papers.html>
Harvard referencing (author-date system)
Conference paper
 Hills, J., 2000, ‘Relative timing of deformation’ in Proceedings
of the 14th Australian Universities Earth Sciences Conference,
Geological Society of Australia, Melbourne, pp. 38-42.
Government periodical
 ABS (Australian Bureau of Statistics), 2001, Catalogue of
publications and products, ABS, Canberra.
In-text referencing

Poor quality information can have significant social and
business impacts (Strong, Lee & Wang 1997). There is strong
evidence that data quality problems are becoming increasingly
prevalent in practice (Ali & Redman 2004; Cameron 1996).

Dianne (Tan 2001, p. 71) stated that most organisations have
experienced the adverse effects of decisions based on
information of inferior quality.

Most organisations have experienced the adverse effects of
decisions based on information of inferior quality (Dianne cited
by Tan 2001, p.71).
Task: Your group is a small newly formed IT
Security Consultancy and recently have been
employed on your first case

Abraham is a health administrator (MD) but he has no modern
technical understanding of IT security issues.

Abraham has had no problems with IT Security until very recently
when the Hospital’s network was subject to a series of attacks. In the
period of 3 days, the Hospital’s website was defaced, a serious virus
infected the Hospital’s e-mail and large quantities of data were
corrupted

Abraham wonders why this is happening and he questions whether
there is a link to his company’s partnership with a large Health
Insurance Company. He is also concerned to find out who might be
attacking his network and why.

He is very anxious to grow his business and knows that he needs
quickly to implement some security measures so as to pass an external
audit (he has had nothing more than some proprietary and outdated
anti-virus software until now).
Organisation Structure
Abraham Wong
MD
Warren Chan
Executive assistant
Douglas Brown
Chief Information Officer
Luigi Rossi
Chief Medical Officer
Mubarak
Chief Admin Officer
Senior Sys Admin
Chief Nursing Officer
Finance manager
HR Manager
Junior Sys Admin
Medical and Nursing staff
Finance officer
Admin officer
The issues Abraham is asking for advice on are:
1. What risks do you think he is facing as he gears up
his business and how can he manage these risks?
2. How can he develop a suitable security policy (given
the company structure above)? Supply a security policy
as Appendix 1 (you may use all the resources in the
Resources for Module 2 and adapt these as necessary)
3. Does he need to implement some cryptographic protection
of data? How?
4. What is a “trusted” system, why might he need one
anyway, and can he implement this within her Windows NT
network?
The issues Abraham is asking for advice on are:
5. How can he protect his network? Currently it is a simple
LAN, some databases, a mail server and a web server but
he wants to add some E-Commerce functionality very
soon. What will happen when his staff use wireless
enabled PDA’s for the collection of patient data?
6. Why might hackers be attacking his network; why would
they be interested in his company?
7. Is there any legislation to help him if his network is hacked
into again?
8. What kind of legal or ethical issues will he herself face if
the data in his databases or files is lost or damaged?
Today’s task
1. What risks do you think he is facing as he gears up his
business and how can he manage these risks?
2. How can he develop a suitable security policy (given the
company structure above)? Supply a security policy as
Appendix 1 (you may use all the resources in the
Resources for Module 2 and adapt these as necessary)
Hints for
Q1. What risks do you think he is facing as he gears
up his business and how can he manage these risks?
Risk identification, analysis & management
1. Hardware
Database server, mail server, web server, staff’s PC/laptop
Overloaded, theft, fail to function
Housekeeping should be done on all servers, backup, monitor
2. Software
Web page, internal hospital system, firewall, commercial off-theshelf security software
Unauthorised copying, no authentication, no trace log, anti-virus
not updated
Encryption, update anti-virus, trace log, password
Hints for
Q1. What risks do you think he is facing as he gears up his
business and how can he manage these risks?
3. Data
Customer personal data, staff data, etc
Inference problem, no transaction security
VPN, encryption
4. People
System administrator, operator and end-users.
Ex-staff’s ID, system administrator fails to define new sensitive data,
system operator neglects the physical security, end-users lack of pc
knowledge
Staff training, change password periodically, create sensitive data def
5. Documentation
Sensitive data, eg invoice
How to dispose sensitive doc, exposal to third party
Proper report handling procedure
Hints for:
Q2: How can he develop a suitable security policy (given the company
structure above)?

Organisational domain/ stakeholders
- who are they?

Corporate hierarchy
- multilevel vs multi lateral

Methodologies of protection
- all related issues
Hints for:
Q2: How can he develop a suitable security policy (given the company
structure above)?







Informational security policy
Personnel security policy
Database security
Physical & environmental
Computer & network
System development & maintenance
Etc.
group
discussion
Related documents
Academic Integrity
Academic Integrity
MGT 450 Week 2 DQ 2 Industry Analysis
MGT 450 Week 2 DQ 2 Industry Analysis
describe discuss demonstrate ask questions do it!
describe discuss demonstrate ask questions do it!
HB Lit rsd task 3 explanation
HB Lit rsd task 3 explanation
01-11-2015 The Forest for the Trees
01-11-2015 The Forest for the Trees
Comparison Chart
Comparison Chart
In the Great Pathway
In the Great Pathway
George's Farm Products, Inc. 160 Kirkland Ave. Clinton, NY 13323
George's Farm Products, Inc. 160 Kirkland Ave. Clinton, NY 13323
Download
advertisement