Qatar University IT Security Management The Banking System Case Study
1. Based on the knowledge gained from the module, students are expected to choose any IT system that helps in managing a business, carry out a detailed case study on IT security management aspects of it, and submit the report.
The following are some of the IT management systems; choose one of them:
– Banking system.
– Insurance management system.
– Transport management system.
– Pharmaceutical system.
– Hospitality management system.
2. The case study report should cover the following:
Clear description of the chosen system that covers the following:
• Type, nature, Organization/company where it is used, and its major functions for running the business of the Organization.
• Information Security professionals working in the Organization and their roles.
• Location of the company, Major assets.
• Types of users, customers.
• Major threats to Information Security.
3. Analyze the following IT security management principles in the context of the considered system:
• The Three Security Goals Are Confidentiality, Integrity, and Availability
• Defense in Depth as Strategy
• Security = Risk Management
• The Three Types of Security Controls Are Preventative, Detective, and Responsive
• Open Disclosure of Vulnerabilities Is Good for Security!
4. Suggest the suitable security mechanisms/tools/techniques to ensure each of the above principles with proper justifications.
5. Apply the risk management procedure by identifying possible risks and their impact on the profit/reputation of the organization.
6. Provide the deliverable worksheets at the end of each step of the risk management process by making your own assumptions with clear description.
7. Explain the various needs that drive the access control requirements, with respect to the chosen system. Explain the minimal access requirements for each of the involved principals in the system. Identify the suitable access control mechanisms to be adopted by evaluating various access control methods.
8. Analyze any two possible intellectual property violations that could be performed by cybercriminals in the considered system and how IPR helps to combat them.
9. Recommend any three most appropriate physical security controls that are to be ensured for providing logical security of the considered system with proper justifications.
The final report should cover the following sections in the given order:
– Table of Contents
– Chapters that cover the detailed analysis of the above given aspects
Note: Each section/chapter should begin on a separate sheet.
*** Word count = 2900 words.
*** In-text citations and references using Harvard style.