Need Help-Assignment 3 Report and Presentation


Assignment 3 Report and Presentation based on CASE STUDY: PEOPLESHARZ.COM

(A fictitious analysis of a security breach), Length: 2700-3000 words approx. plus Appendices

Assignment 3 Report and Presentation based on CASE STUDY: PEOPLESHARZ.COM

(A fictitious analysis of a security breach), Length: 2700-3000 words approx. plus Appendices

This assignment assesses your understanding in relation to the following three course objectives:

  1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
  1. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail
  1. Demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations.

Case Study: PEOPLESHARZ.COM (A fictitious analysis of a security breach)

Background:

PeopleSharz is an Internet Start-up founded in late 2012 riding on the Social Media boom of the late 2000s. Established by former university colleagues Mark Bukerzerg (current CEO) and Peter Tweet (CTO), the company in early 2015 had over 1.2M signed-up users from across the Globe. While in the scheme of things, the user base numbers seem good, both Mark and Peter know, that to achieve a critical mass of users that will establish PeopleSharz as a “player” in the Social Media space, they will need to reach numbers upwards of 100M users.

Internet start-ups are springing up all the time – weekly, thousands of new Social Media applications are released on the Internet and while PeopleSharz has established a strong presence and following, the company is continually innovating and responding to user requirements, industry trends and competitive challenges. Mark and Peter’s 20 person Development Workshop based in Sydney’s upcoming Technology Hub, Redfern, is a busy and dynamic environment.

PeopleSharz is aiming to become financially self-sufficient by the end of 2016 at the latest. It is at this time that their venture capital funds will be exhausted but they estimate, once they hit the 50M user mark, and have deployed into production their new advertising revenue model, (both aggressively targeted for October, 2016), they will have positive financial results.

April 21st, 2016: Major New Media News Site Headlines: “New Start-up PeopleSharz Hacked – User Passwords Dumped on Pastebin”.

Waking up to news overnight that their site has been hacked and that the hacker has posted all their client details, including passwords on Pastebin has shocked Mark and Peter. Time is of an essence so an emergency teleconference is organised between Mark, Peter and Phil Jones, (the Technical Support Manager at HotHost1 – a cloud services company where the PeopleSharz environment is hosted).

The teleconference firstly confirmed that the information posted on Pastebin was in fact real. PeopleSharz seemingly has been hacked. From then on, the teleconference degenerated into blame games between PeopleSharz and the hosting provider HotHost1– each side blaming the other for the incident and each putting the onus of an incident response on the other’s shoulders – each side stating that they had no experience with security incident response and it was not their fault nor responsibility. BUT, all did agree that something had to happen quickly!

April 21st, 2016, 9:45am: Offices of HackStop Consulting

A quiet morning for you on April 21st, 2016 until 9:45am when a call reaches your desk. As a Senior

IT Security Consultant at HackStop Consulting, you’ve had calls like this many times. It’s time to get your game on again! Time to visit the offices of PeopleSharz. Their CEO, CTO and a Manager from their hosting provider HotHost1 are desperate to meet with you.

 

 

 

 

 

You’re Task

On return from your meeting, it’s time to quickly put together a proposed plan of work and a response for PeopleSharz. Given the nature of your assignment with PeopleSharz, an urgent response and work-plan is required that outlines your approach and methodologies to:

  • Assessing what went wrong – how might the hacker have compromised the PeopleSharz environment and stolen the user information?
  • How does PeopleSharz ensure it does not happen again?

At present, no other assumptions need to be made about the actual security issues/breach. This assignment is focused upon seeing if you, the student has built up an awareness of how security in Internet Websites can be assessed and analysed to assist businesses in improving their overall security position.

By being able to outline how you would go about reviewing the security breach outlined in the PeopleSharz case study and making recommendations on improving security practices and the appropriate controls that need to be put place to reduce the risks to an acceptable level, the markers will be able to assess your level of knowledge learned in this course and the additional research you have undertaken to complete this Assignment.

Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible.

Importantly and in addition to your own study and research, there will be two specific discussion forum threads on the assignment discussion forum where you can ask questions of the main players in the case study scenario:

  1. Mark Bukerzerg and/or Peter Tweet (PeopleSharz)
  1. Phil Jones (HotHost1)

By actively participating in the forum discussions for this assignment, you will gain valuable information and insight into this case study that will be regarded highly by the markers.

Deliverables

The success of your engagement is based upon two deliverables:

  • Development of an Incident Response Work-plan
  • A business proposal to PeopleSharz Management in the form of a presentation that outlines how the organisation should be better focusing on Information Security.

In detail:

(1) Incident Response Work-plan report (WORD Document):

  • A journal
date time duration of activity activity researched or discussed
  • Executive Summary: half-page brief outlining purpose; scope, expectations and outcomes of the proposed plan of work. (250 words)

Structured Incident Response work plan for each section includes:

  • Background and problem analysis – What went wrong? How might a hacker have compromised the PeopleSharz web site environment and stolen user information ? (approx. 500 words)
  • Threat analysis -What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for and deliverables PeopleSharz and/or HotHost1 can expect for each phase of work – (eg; the “deliverable” for the phase of work could potentially be a report containing the results of a vulnerability assessment test on the PeopleSharz server(s)). (approx. 1000 words)
  • Dependencies and critical success factors to the job, such as key stakeholders in this security breach – people to be interviewed or whose involvement in that phase of work is required. (Remember, you don’t always get free-rein access to systems and other information and because time is of importance, you won’t get a long time to master the environment. But, as you know, you cannot also always believe everything you are told). What is key to getting this job done efficiently and what support do you need to get this done, (from PeopleSharz and also the hosting provider). (approx. 500 words)
  • Set of recommendations for improving PeopleSharz’s current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words)
  • Reference list of key sources in particular technical references which support your approach (Not counted in word count)

This assignment is focused upon seeing if as a student in this course you have built up an awareness of how security in an environment should be set up and operated. By being able to outline how you would review and test the security of the fictional organisation, PeopleSharz, through assessment of the basics such as good policies, standards, procedures and controls in place, in addition to detection of incidents, the markers will be able to assess your level of knowledge learned from the course content and from your own additional research in relation to this case study.

 

Need Help-Assignment 3 Report and Presentation

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: