CP5603 (Case Study)

Case Study
This case study has 3 parts. Scenario Companies are always threatened with new types of issues, such as malware, disasters, incidents etc. A company, which is a large bank has appointed you as a security consultant to provide a detailed report on information classification, threat assessment, identifying attacks and their proposed countermeasures.

Part 1 (15 marks) Your task is to analyse the information used within the bank. Use information security principles to determine the classification of each information type. Your answer should consist of the following: 1) State what information types are likely to be in use in the department and what the various generic threats are to each information type. 2) Propose a classification system for the departments information and justify your choice of system. 3) Use your classification system to allocate a classification to each information type. Justify your choice of classification.

Part 2 (15 marks) Your task is to conduct threat analysis on technical and physical areas and identify types of attacks: 1) Identify 5 technical and 5 physical threats to the bank 2) Identify 5 different types of attacks and their impacts to the bank Part 3 (20 marks) Propose a complete countermeasure for the threats and attacks identified in Part 2. Provide justification for each countermeasure.

1|Page

CP5603 (Case Study) You should provide 3 parts in a final report. For submission instructions, follow:

Submission Instructions
The report should be set out in the following manner: y Report should contain 3000-3500 words y y y y y y y 11 point Times New Roman 1.5 line spaced Margins set to 2.5 cm Justification block justified Footer Should contain your JCU StudentID and Full Name (8 point type) and a Page Number The report should contain an index and have appropriate headings and sub headings The style of the report is a business report and as such it is expected that you present a professional report in both format and style

2|Page