Information Security Strategy Development

Assignment Brief
As part of the formal assessment for the programme you are required to submit an
Information Security Strategy Development assignment. Please refer to your Student
Handbook for full details of the programme assessment scheme and general information on
preparing and submitting assignments.
Learning Outcomes:
After completing the module, you should be able to:
1) Evaluate the basic external and internal threats to electronic assets and
countermeasures to thwart such threats by utilising relevant standards and best
practice guidelines.
2) Analyse the legalities of computer forensics phases and the impact of the legal
requirements on the overall information security policy.
3) Critically assess the boundaries between the different service models (SaaS, PaaS,
IaaS) and operational translations (i.e. cloud computing) and to identify the associated
risks.
4) Critically investigate a company information security strategy to provide consultation
and coaching through reporting and communication.
5) Assess, compare and judge computer media for evidentiary purposes and/or root
cause analysis.
6) Apply relevant standards, best practices and legal requirements for information security
to develop information security policies.
7) Lifelong Learning: Manage employability, utilising the skills of personal development
and planning in different contexts to contribute to society and the workplace.
Your assignment should include: a title page containing your student number, the module
name, the word count; the appendices if relevant; and a reference list in Arden University
(AU) Harvard format. You should address all the elements of the assignment task listed
below. Please note that tutors will use the assessment criteria set out below in assessing
your work.
Maximum word count: 2,500 words
Assignment Task: Part 2
This assignment is worth 50% of the total marks for the module.
1) A Denial of Service attack (DoS) represents one of the most widespread types of
cyber-threats to businesses of all sizes. DoS prevents users of an online IT system
from accessing vital services for an extended period of time, creating both financial and
reputational losses for the affected company. Many DoS attacks have blocked websites
of private, public and government organisations from serving their clients, customers
and partners for hours or even days. Addressing corporate vulnerability to DoS attacks
is now becoming more and more critical due to the growing adoption of cloud-based
architectures and information sharing platforms. As such, a consideration of DoS
related risks should be placed at the core of any information security strategy.
Critically analyse the most typical scenarios leading to the increased exposure to DoS
attacks. Suggest specific counter-measures which could be incorporated to the
corporate information security strategy. These should include:
a) infrastructures to minimise the likelihood of the occurrence of such an event
(preventive approach)
b) mechanisms to mitigate the issues created by the occurrence of such an event
(the reactive approach)
c) policies which recognise this threat as an overall business risk rather than merely
technical risk.
(70 marks)
(LOs 1, 4, 5, 6 & 7)
2) Using WinHex or a similar tool, try to load your operating system swap file for digital
forensics investigation. Report your findings about:
a) Recovered deleted files
b) Extracting used passwords
(30 marks)
(LO2)