An-Najah National University

Computer Security, Computer Security and Ethics

Second Semester 2015/2016

Class: Computer Security, Computer Security and Class Number: 1/10681405, 1/10686235
Ethics
Courses: BSc CIS, BSc NIS Instructor: Othman Othman M.M.
Problem Number: 1 Originator: Al-Isara Co., Eng.Hazem Abu-Zant
Problem: Security Policy Design Duration: 12 days
Contribution: 20% of the class mark

Scope/Learning Outcomes:
Students are expected to work in groups of 5 to:
• Identify risks and vulnerabilities of the given system.
• Study the identified risks and what aspect of the CIA does they affect.
• Evaluate the identified risks, and decide weather you need to protect against them or not.
• Use the required security tools: Authentication, Access control, and Cryptography.
• To design a complete security policy for the system being studied.
Deliverables:
Each team has to prepare a slideshow in order to present their work to the company mentor/s, instructor,
and all classmates. Time of the presentation should not exceed 10 minutes (might be updated).
Also, after the presentation there will be about 5 minutes for discussion, where other teams will try find
vulnerability of the presented policy.
Weight of elements
Element Weight Score/10
Identification of vulnerabilities (comprehensive or not) 25%
Completeness of the risk study (CIA, evaluate) 25%
Proper use of security tools 15%
Comprehensive Security Policy Design 25%
(If other teams are able to find vulnerabilities then
you the designing team will loose 5 marks out of 100)
Ability to find vulnerabilities in security policies (of others) 10%

General Description of the Problem:

Students are to design a complete security policy of the Knowledge Base system presented by the
company mentor. Where this security policy have to cover, hardware and related security risks, in addition
to software related risks.