Case study report ITNET202A (Enterprise Security) 2020.1
A. Task:
You are to provide a security architectural design for a new, internet-based bank that you are setting up, having been granted a banking license under the new “No More Squirrelling” legislation recently passed by the Federal Government.
The requirements for this design are described below.
Because you are dealing with a bank, a number of security concerns at various levels need to be addressed in your architecture:
1. Compliance with federal and state legislation,
2. Public confidence in your enterprise by providing confidentiality, availability and integrity of customer data,
3. Privacy of customer data,
4. Interoperation with other financial institutions, both nationally and internationally,
5. Compliance with international standards,
6. Security of all bank assets,
7. Current trends in customer engagement via the internet
Your design needs to deal with enterprise architectural issues relating to application security, platform/OS security, network security and storage security.
The decision has been made to run the bank’s IT operations in a Cloud environment.
B. Components you need to deliver:
1. I suggest that you use reference architectures if you can find these. The purpose of this work product is to show what types of security services you intend to provide, what types of cloud services you will be using (private, public, hybrid, SaaS, PaaS, IaaS), what types of systems and networking you will need for the bank – consider head and branch office systems and networks, ATM and EFTPOS systems and networks, international links.
You will need to make reasonable assumptions about sizing, capacity, etc. of the various IT components, and you need provide a design for best security practice, i.e. cost is less of an issue than having security exposures and weaknesses.
Case study report ITNET202A (Enterprise Security) 2020.1
2. Detailed (logical level) security architecture. This will include specific details of what security services
you will provide, what networking you will provide, what application systems you will be protecting,
what tools you will be using.
3. Detailed design (physical level) of your main processing site(s), irrespective of use of Cloud. This will
include location, security equipment, networking devices, storage sizing, management tools, operational
components for the detailed security architecture.
4. Costing estimates (both labor, hardware and software, both for implementation and operation)
5. Planning estimates with enough detail to show estimates at equipment installation level
6. Resourcing estimates
7. Description of the security services you are planning to provide, why, and where they will be located
in relation to the bank’s IT systems and networks.
8. Equipment lists describing what equipment you will be implementing to provide these security
services.
Case study report ITNET202A (Enterprise Security) 2020.1
For these latter components, you would benefit from using the SABSA Framework for Security Service Management.
C. Approach:
Use the SABSA framework as a guide for your work products. Concentrate on the How, Who and Where (Process, People and Location) columns. You will have to do some research about how an organization like a bank would be running its IT systems and what they would consist of.
Case study report ITNET202A (Enterprise Security) 2020.1
E. Assessment: Marking criteria:
This work is worth 40% of the final subject mark but will be marked out of 100.
Marks will be awarded for:
a. Report format and style - 10
b. Thoroughness and reasonableness of your assumptions - 10
c. Application of use cases to your assumptions - 10
d. Linking of business requirements to your solution - 10
e. Consistency between high level architecture, detailed architectures and detailed designs -10
f. Relevance of your architectures and designs to business requirements and use cases - 10
g. Delivery of all required work products and completeness of your solution - 15
h. Proof of application of security best practice in your solution -15
I. Referencing and intext citation- 10