King’s College London
This paper is part of an examination of the College counting towards the award of a degree. Examinations are governed by the College Regulations under the authority of the Academic Board.
Examination Period: August 2020 (Period 3)
Module Code: 7CCSMSEM – online exam
Module Title: Security Management
Format of Examination: Written questions
Start time: 8am BST 28 August 2020
Time Allowed: ONE AND A HALF hours
Instructions: You are permitted to access any materials you wish, but this is not mandated and is not expected. You may use a calculator if you find this helpful.
Rubric: ANSWER ALL QUESTIONS. Written Questions worth 50 marks each
The rubric for this paper must be followed and extra answers should not be submitted. For answers that are handwritten, write with blue/black ink on light coloured paper. Include the Module code, question number and student number on every page to be submitted. For answers that are typed, use the template provided.
Submission Deadline: 9.30am (BST) 28 August 2020
Submission Process: Work must be submitted to the level 7 Informatics Assessments KEATS page.
Your work must be submitted as a PDF file. If you have prepared some answers on computer, and some on paper (which have then been digitised), you may upload at most two PDF files – one for computer-prepared answers, one for digitised answers. Do not duplicate answers across the two PDFs – if you do this, the computer-prepared answer will be taken. You should check that your work displays correctly after it has been uploaded.
ACADEMIC HONESTY AND INTEGRITY
Students at King’s are part of an academic community that values trust, fairness and respect and actively encourages students to act with honesty and integrity. It is a College policy that students take responsibility for their work and comply with the university’s standards and requirements. Online proctoring / invigilation will not be used for our online assessments. By submitting their answers students will be confirming that the work submitted is completely their own. Misconduct regulations remain in place during this period and students can familiarise themselves with the procedures on the College website.
Important: Students should copy out the following statement and include it with their submission for each examination:
I agree to abide by the expectations as to my conduct, as described in the academic honesty and integrity statement.
2020 King’s College London
August 2020 7CCSMSEM – online exam
1. Question One
The Group of Appreciation of the Natterjack Toad (GANT) is a conservation group that is keen to promote and preserve the well-being of the Natterjack Toad. It is a UK-registered charity with over 100,000 members world-wide across 42 countries, all keen to promote the work of GANT, and 100 staff working full-time at GANT. All information for the organisation can be accessed using a web-based application. This information includes GANT’s member records, its activities, meeting places, confidential aspects of their work, natterjack toad habitats, etc. In the past, members have raised concerns about information security, and to prevent further cyberattacks, GANT is ready to make information security a top priority amongst its workforce.
a. Describe the Security Roles and Teams you would suggest GANT have and explain why.
[20 marks]
b. What threats and vulnerabilities may GANT face?
[30 marks]
2. Question Two
SEM Ltd. is a company that operates an online service 24/7 all days of the year serving 10,000 customers all over the world. SEM Ltd. suffered 90 Denial of Service (DoS) attacks since they started operating 3 years ago. Every time this attack happens, it causes losses of £1 per customer, as their services are not available to their customers until SEM Ltd.’s IT team manage to relaunch the online platform. An off-the-shelf DoS mitigation appliance costs £300,000 per year, and SEM is more concerned about the company’s finance status than customer confidence.
a. Conduct a quantified assessment, including a clear description of the metrics used, of the risk SEM Ltd. faces, and decide the most adequate risk treatment, clearly identifying both the name of the risk treatment action and its rationale.
[30 marks]
b. As an alternative to the off-the-shelf DoS mitigation appliance, SEM Ltd. are also exploring cloud computing, so that they could elastically expand the instances of their service as a way of replicating it and becoming less vulnerable to DoS. However, SEM Ltd. are worried about whether they will be able to completely remove data from the cloud when needed. What are the main challenges that make it difficult for SEM Ltd. to delete data from the cloud?
[20 marks]