Complete Coursework 1 only
This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to
[email protected]. Faculty of Engineering, Environment and Computing 303CEM Security and Compliance in the Cloud Assignment Brief 2021/22 Module Title Security and Compliance in the Cloud Ind/Group ECU178, ECU179 and ECU098 Cohort (Sept/Jan/May) Module Code 303CEM Coursework Title (e.g. CWK1) 303CEM Resit Assignment Hand out date: 30/05/22 Lecturer Dr Mohamed Abdelshafy Due date: 04/07/22 at 6 pm Estimated Time (hrs): 80 hours Word Limit*: 2500 CW1 / 2500 CW2 Coursework type: Individual coursework (CW1) & Individual coursework (CW2) % of Module Mark 100% (CW1 50% and CW2 50%) Submission arrangement online via Aula: Yes File types and method of recording: Pdf Mark and Feedback date: 25/07/22 Mark and Feedback method: via Aula Module Learning Outcomes LO1 Demonstrate a sound understanding of techniques for business continuity such as Business Impact Analysis. LO2 Apply continuity planning and disaster management on both local and cloud-based ICT resources to an organisational scenario. LO3 Design, build and test a range of secure, virtual networks to solve defined business requirements. LO4 Use a range of tools and techniques to carry out a security audit and develop strategies to reduce risk. LO5 Interpret and apply relevant legal considerations when storing data in the cloud. Task and Mark Essential Information Overview This assignment requires you to configure, deploy and test a working virtual cloud-based system. The assignment consists of two different elements: 1. CW1: An individual practical element that requires you to work in a team to develop a network-based system. The weighting of this work is 50% of the overall module grade. You must submit a group report of 2500 words with the evidence of the designing, configuring and testing the system your group developed. 2. CW2: An individual reflective report of 2500 words that considers business continuity and legal issues in relation to the network system provided in the practical element of the assignment. The report worth 50% of the overall module grade. mailto:
[email protected] This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to
[email protected]. CW1 - Practical Element Brief A UK mobile phone retailer company that sells handsets from leading smartphone brands and mobile phone contracts from the UK mobile networks has offices in London, Cardiff, Edinburgh and Belfast. The company has consulted your network solutions group to build a cloud network which includes a range of secure virtual networks that will host its online website and services. This cloud network should enable the company to promote their services and deals. It should allow customers to search for their preferred specifications, place an order, arrange a payment plan, etc. The requirements for the system are as follows: 1. Design the topology/layout of the system to be developed considering all the servers needed for the support of the core services of the business. 2. Develop the network system configuring and deploying the servers properly 3. Apply testing and security analysis to the developed system You are free to use your interpretation of the task as long as you have addressed the key points required. Practical Element Information During the practical/lab sessions you will be required to complete a set of workshops that will help you to acquire the skills needed for the completion of the practical coursework (CW1). This practical coursework covers the learning outcomes LO1, LO3, LO4 and LO5. The technical skills required to pass this element is covered in those sessions. Your group work will be marked using the Practical Element grading rubric. Details of the Practical Element ▪ Design (30%): a. Produce the architecture of the internal network to be implemented. Discuss the network topology and explain why this type of topology was used. b. Explain which servers have been considered and why. Explain how the servers used support the business services, information distribution, system security, etc. c. Describe the features of the servers that are used to enhance the functioning and security of the system. ▪ Development (30%): a. Produce the system complying with the design provided in the previous task. b. Demonstrate the proper connectivity of the servers and the implementation of the firewall. c. Demonstrate a proper level of system configuration, deployment and scalability. ▪ Security (30%): a. Demonstrate the use of security testing applied to the developed system. b. Propose solution for the security issues discovered and show how they mitigate the problems. c. Show that different privileges and rights have been applied to the user accounts ▪ Report Structure and Presentation (10%): a. The report should have a good structure, nice presentation style and coherence of its content that will help the organisation. Figures should be added to present the design, development and testing of the proposed system. b. The report should have a clear narrative linking propositions, evidence and judgments. Facts will be clearly differentiated from opinions, all sources used must be evidenced by reference to other works following the CU Harvard Reference Style. mailto:
[email protected] This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to
[email protected]. Submission You are required to submit a 3000-word group report in a PDF format via Aula (TurnItIn). The deadline for this coursework is on 4th April 2022 at 6 pm. If needed, use the github.coventry.ac.uk as a repository for the source code/configuration scripts, etc. and relevant documentation. Both, the CU GitHub commits (if your group decided to use it), and work on your prototype network MUST be completed before the submission deadline. The group must set the repository as private while the members of teaching team must be added as collaborators to your private CU GitHub repo. (CW2) Individual Reflective Report Brief You are asked to write an individual report that will consider business continuity issues in relation to the network system provided in the practical element of the assignment. Specifically, in the report, you need to consider the following: ▪ Threat Analysis, Risk Assessment and Business Impact Analysis: Identify the potential threats that could emerge with respect to the considered system which could lead to disruptions of the network and discuss the respective risk assessment. ▪ Business Continuity Plan and Disaster Recovery Plan: Design and develop a detailed outline of a BCP for the produced system that will indicate the process steps that need to be followed. Create a plan that will demonstrate the appropriate actions for the recovery of the business after certain disaster scenarios. ▪ Legislation and Regulations: Discuss the national and international current legislation that should be considered for the developed system. Individual Reflective Report Information At the end of the module you will be expected to submit an individual reflective report. This must be entirely your own work. The report is based on the practical element that you have completed and covers the learning outcomes LO1 and LO2. Your report will be marked using the Individual Reflective Report grading rubric. You may include your personal Reflection on group performance. Details of the Individual Reflective Report ▪ Threat Analysis, Risk Assessment and Business Impact Analysis (30%): a. Apply the Threat Analysis and Risk Assessment to your system considering several different case scenarios, which should identify threats and hazards that could lead to disruptions related to the network and business nature of the examined system (e.g. network hazards or threats) b. Apply the Business Impact Analysis to your system considering at least three different case scenarios, which should be based on disruptions related to the network nature of the examined system (e.g. network disruptions or threats considered). ▪ Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) (30%): a. Design and implement a BCP outline that will consider the appropriate process stages required for the successful continuation of the operation of the company and its critical services. b. Provide a thorough description of the actions, resources and requirements identified in each of these stages contributing to the successful continuation of the business operation and services. c. Develop a detailed Disaster Recovery Plan that will enable the application of recovery strategies related to the different case scenarios considered in the TRA stage. These strategies should target the successful recovery of the company’s IT systems, equipment, applications, resources, operation and services. mailto:
[email protected] This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to
[email protected]. ▪ Legislation and Regulations (30%): a. Indicate the current legislation that should be considered for the developed system. b. Provide thorough explanation of how the legislation considered is related to the security requirements of this specific system. ▪ Report Structure and Presentation (10%): a. The report should have a good structure and nice presentation style that will help the organisation and coherence of its content. b. The report should have a clear narrative linking propositions, evidence and judgments. Facts will be clearly differentiated from opinions, all sources used must be evidenced by reference to other works following the CU Harvard Reference Style. Submission You are required to submit a 2500-word individual reflective report in a PDF format via Aula (TurnItIn). The deadline for this coursework is on 4th April 2022 at 6 pm. Assignment/Coursework Resit The two elements of the assignment described above are assessed separately. To pass the module, the grade for each of these two elements needs to be 40% or above. If