Learning Outcomes:

After completing the module you should be able to:

1. Critically evaluate concepts, principals and practice in the area of information systems security.

2. Demonstrate an in-depth understanding of a comprehensive risk management practice for ensuring secure information systems

3. Demonstrate the ability to consider relevant ethical and legal issues involved in the information systems security

4. Demonstrate the ability to perform information systems security audit based on industry specific standard and summarize the audit results

5. Critically evaluate and develop security policy and assess for the effectiveness and improvement of information systems security

6. Demonstrate the ability to document and explain in a professional manner their work

Your assignment should include a title page containing your personal details, the module name, the submission deadline and a word count; the appendices if relevant; and a full bibliography in Bournemouth University (BU) Harvard format. You should address all the elements of the assignment task listed below. Additional marks are awarded for the good use of theory and the supply of additional information from academic research and journalistic sources.

Word Limit: 3000 words (maximum)

Assignment Task

You have been placed in charge of Security for a new integrated IT system called UNITC (UN IT Cloud) system for handling United Nations communications between various regional offices across the world. The new strategy is to migrate to cloud to reduce operation and capital costs related to IT and communications by moving to a full paperless environment. The mandate has been published to all UN regional offices.

The regional offices have different level of activities in various divisions (departments) and agencies including human rights, financial affairs (banking), drug and criminal, culture, health, etc. as well as organizational charts for C-level management, human resource, finance, legal, IT, research departments, security, etc.

The new IT strategy requires a systematic paperless communication systems with different privileges upon the confidentiality and roles of users in the network.

The regional sites now should migrate to the paperless system with secure data stores for official documents, also emails and recordings related to the telephones calls.

The web presence is aiming to become more centralised with options to navigate to the regional sites. The cross domain communications are still required as most of the regional offices have autonomy to maintain and update their own presence in the Internet. However, they must follow the security guidelines and adapt a proper IT and security governance set by the UN IT department. The aim is to shift the responsibilities to regional offices to maintain their systems according to the IT Security Guidelines set as part of the UNITC system.

Question 1

Discuss the potential vulnerabilities and risks the UNITC system may be exposed to from the cloud and sub-systems. Rank the vulnerabilities in order of severity (from UN central office viewpoint) and justify the ranking with suitable academic argument and referencing.

Question 2

During the initial migration phase of tier-1 UN regional offices to UNITC, you discovered from the security logs that a virus was detected in the research reports related to UN Human Right division and dealt with automatically with no harm being done.

The UN Technology Director has mandated that all security flaws and virus attacks within the first year of operation must be reported with a statement as to how the system would be modified and governed to deal with a future attempt.

Consider the issues involved and determine whether or not you would report it. You need to explain the rational for each issue. Justify your decision with reference to standard practices. Reference the standard practices.

Question 3

The UN Technology Director has difficulty determining whether or not the system should go live without a paper system being used to shadow all functions during the first year of operation. They ask for a report from you on the issues from a security point of view. With suitable referencing and argument discuss your choice of approach.