COMPSCI 5077 Enterprise Cyber Security 2017
Enterprise Cyber Security (M)
2017
1. Tramiel & Rejewski is a new medical practice, specialising in children’s health, in a bustling European city. The practice joins an emerging community of medical practices in the city that specialise in different areas, such as fertility and geriatrics. The relatively modern medical practice, much like others in the community, stores all patient records digitally.
a) Tramiel & Rejewski are concerned about the availability of data, especially when patient records are likely to escalate during the winter months. Tramiel & Rejewski are concerned they do not have the budget to heavily invest in new machines and infrastructure to store and access digital medical records. They are also concerned that they may need to invest in 24-hour technical staff to manage new infrastructure, an expensive concern especially if patient registrations slow down. A competing medical practice recommends cloud computing as a solution.
Describe FOUR advantages of utilising cloud computing in the given context.
b) Tramiel & Rejewski have identified the fictional PublicCloud Inc., a public cloud infrastructure offering. However, they have concerns about the confidentiality of medical records on PublicCloud Inc. as well as rules and regulations regarding patient data.
State THREE concerns with the use of a public cloud deployment model and describe an alternative solution in the given context.
c) Tramiel & Rejewski have decided that they will make use of various offerings provided by cloud computing service providers. They may use these services to analyse financial records of patients to determine missed payments and time spent with medical professionals. Tramiel & Rejewski are concerned about the potential impacts of the General Data Protection Regulation on the use of such services.
Describe THREE stipulations of any contract between the controller and processor in the given context.
2. OrangeBricks is a web-based estate agent where home and business owners can sell property for low administrative fees. The business has grown from strength to strength, leading to the storage of considerable data. The business is concerned about its business continuity planning.
a) The management team believes the business can withstand permitted data loss of approximately 10 hours. The management team state the figure has been determined by the IT department, given the current level of infrastructure.
Argue whether the figure is relevant or not in the given context, explain RPO and state your final position.
b) The management team are committed to business continuity planning, but are unsure what should inform decisions.
Describe an initial process with FOUR main stages that would inform business continuity planning.
c) The management team is considering storing duplicate copies of data on cloud computing infrastructure. The data would include standard bidding letters for properties. Buyers use the standard letter and alter the address and price when submitting sealed bids for properties. The management team has learned the provider uses the process of deduplication and this may present some concerns for the business.
Describe a potential attack that could utilise a potential vulnerability in an implementation of data deduplication in the given context.
3. Deliveraa is a small, nimble distribution company that delivers various types of packages. The company has seen considerable growth over the past two years, through effective use of cloud computing and smartphone applications.
The company is being perceived as a potential acquisition by many, including EHL Inc., an established enterprise with many legacy systems and depots throughout the world.
a) EHL have concerns about the management of customer data by Deliveraa. Deliveraa are considering utilisation of the ISO 27001/27002 framework and controls.
Argue whether Deliveraa should utilise the ISO 27001/27002 framework and controls or not. Describe TWO potential benefits, TWO potential concerns and state your final position.
b) EHL Inc. have decided to make a legacy mainframe application, ScanCheck, accessible outside depots via a custom smartphone application. Delivery drivers currently use dedicated barcode scanners directly wired to the mainframe to scan packages before departing the depot. The legacy ScanCheck application rapidly processes the expected input from the barcode scanner. EHL Inc. plan to allow smartphones to act as barcode scanners and send the expected output to the legacy ScanCheck application.
Identify a potential problem in the proposal and outline an appropriate
c) EHL Inc. have decided to evolve all their legacy systems after concerns that they may expose the organisation to unwanted cyber threats. EHL Inc. want to evolve the legacy systems rapidly, but are concerned as they have limited staff with sufficient experience of the legacy systems.
Describe FOUR approaches to evolve legacy applications and argue for the optimal approach.
2022-07-14