Tuesday 24 April 2018 2.00 pm – 4.00 pm (Duration: 2 hours)
DEGREES OF MSc, MSci, MEng, BEng, BSc,MA and MA (Social Sciences)
Enterprise Cyber Security (M)
(Answer ALL questions)
Copyright By PowCoder代写 加微信 powcoder
This examination paper is worth a total of 60 marks
The use of a calculator is not permitted in this examination
INSTRUCTIONS TO INVIGILATORS
Please collect all exam question papers and exam answer
scripts and retain for school to collect. Candidates must not remove exam question papers.
Liskov, Ableson & Sassenrath and Eich & Rassum are two small legal practices in the fictional country of Freedonia, specialising in immigration law. The practices have decided to merge to form a single law firm. The two legal practices rely on the Boogle Office 320 application service, a web-based software office suite. The partners find the system useful as it’s accessible across a range of devices and employees are already familiar with it, as many use the free version.
Liskov, Ableson & Sassenrath are concerned about security aspects of the current approach and are considering adopting an alternative deployment approach for the new law firm.
(i) Describe THREE alternative deployment options for the firm to consider for the given context.
(ii) Evaluate each of the alternative deployment options proposed in (i) from a security perspective by considering the advantages and disadvantages of each in the given context.
(iii) Argue for the optimal alternative deployment, previously proposed in (i) and then evaluated in (ii), justify position by contrasting the alternative deployment with the approach outlined in the given context.
The fictional country of Freedonia is not a member of the European Union (EU) or the European Economic Area (EEA). The new law firm intends to increase custom from EU and EEA member countries. The expectation is that this will inevitably lead to the firm controlling, transferring and processing data of EU and EEA citizens. Eich & Rassum state they already process and transfer personal data of citizens from EU and EEA member countries. However, while Liskov, Ableson & Sassenrath are keen to increase such custom they are concerned about legality. Eich & Rassum state all the firm needs to ensure is it has adequate data protections in place.
Argue whether or not the position of Eich & Rassum is accurate in the given context.
Summer Diet 1 Continued Overleaf/
The fictional country of Samavia is leaving the European Union (EU). The Samavia Government has commissioned a system that will support changes in tax and customs policy. The Samavia Government wants the single system accessible not only to staff, but to citizens around the world. The expectation is that individuals will be able to access the system via dedicated smartphone and web applications. The system will allow individuals to observe how much tax is owed, pay custom charges as well as receive refunds for overpayment.
The developers of the system are keen to consider and discuss potential threats with stakeholders of the new system.
Describe an appropriate framework for thinking, discussing and classifying threats and apply it in the given context.
The Samavia Government wants to align more with the United States (US) and for the country to appear innovative. The government has decided it wants small private companies and government agencies to connect their respective cyber systems to drive innovation and efficiency savings. The Samavia Government has stated it wants a rigorous, scientific approach to cyber security management to ensure safe and steady increase of integration of smaller companies. Consequently, the Samavia Government has instructed stakeholders to consult various publications from the US-based National Institute of Standards and Technology (NIST), such as the publication ‘NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations’.
Outline an argument against the recommendation from the Samavia Government, i.e. concerns in relying on NIST publications.
Summer Diet 2 Continued Overleaf/
Oceania Airlines has offices in numerous countries throughout the world, such as Japan, Canada and Spain. The company headquarters – in London, UK – houses the ageing, but crucial booking system as well as the company’s Spanish- language call centre. The company finds the infrastructure of London as well as the diverse population the perfect ecosystem for its headquarters.
The Oceania Airlines management team are concerned about terrorist attacks in London and the resilience of their operation in terms of business continuity. The management team have already commissioned a business impact analysis (BIA) and have identified critical processes and time requirements.
Argue THREE other recovery requirements in the given context.
The Oceania Airlines management team are beginning to realise the importance of their ageing booking system to the resilience of their operations. Consequently, they have decided to evolve the legacy system to ensure it is resilient against emerging cyber security threats.
Outline FOUR steps to evolve the legacy booking system.
Summer Diet 3 /END
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com