BS517 Data Security Jan26 Assessment Brief | The University of Law

ASSESSMENT BRIEF

L7 Data Security Module Leader:

Key Details and Requirements Learning outcomes:

1. LO1: Critically evaluate and assess data security risk within an organisation / systems.
2. LO2: Identify and recommend decisive actions to bridge security gaps and improve security.
3. LO3: Develop fundamental software considering data security risks.
4. LO4: Critically evaluate information security concepts for secure data storage using programming.

Declaration:

By sitting this assessment, I am confirming:

• That I have worked independently on this assessment submission, and I have not worked together with any current or previous student at the University to produce my submission, other than when officially permitted to do so;
• I also confirm the contents of my submission have not been generated by a third party;
• I have fully referenced and correctly cited the work of others, where required;
• I have not used any generative AI tools to generate, rephrase or otherwise produce content for this submission, except where their use was explicitly permitted, and I have read and understood the University's AI in Higher Education Policy and Protocols;
• I have read the Student Discipline Regulations and understand that any academic misconduct can lead to disciplinary consequences and undermine academic integrity;
• I understand that where applicable, I am expected to engage with my academic work in a manner that meets the professional standards and requirements set by the relevant Professional, Statutory and Regulatory Body (PSRB) or accrediting body for my course.

By submitting this assessment, I am confirming that I am fit to sit according to the Assessment Regulations.

Assessment details: Individual Portfolio, 100% (equivalent to 2,500 words). Portfolio should be written in PebblePad.
Referencing: Students are expected to use Harvard Referencing throughout their assignments where required. Please follow the Harvard Referencing Handbook for all your assignments at the ULBS.
Submission Method: Turnitin - Your work will be put through Turnitin. All submissions will be electronically checked for plagiarism.

You have the option to upload your work ahead of the deadline, more than once. ULBS will be reviewing your last submission only. You can only upload one file. For example, if your work contains a word document and power point slides/Excel spreadsheet you will need to copy your slides/spreadsheet into the word document. Note: Keep in mind that self-plagiarism (when you reuse your own specific wording and ideas from work that you have previously submitted without referencing yourself) is also a form of plagiarism and is not allowed.

ASSIGNMENT DETAILS

Scenario:

eSecureFin Limited is a rapidly growing financial services company that offers a range of financial products, including loans, investment management, and insurance services. With its expanding client base, eSecureFin Limited collects and manages a significant volume of sensitive personal and financial data, including national insurance number (NINO), credit card information, and financial transaction records. Over the past year, eSecureFin Limited has faced several security incidents that have raised serious concerns about its data security measures.

These incidents include but are not limited to:

• Data Breach: Unauthorised access to the company’s database resulted in the exposure of thousands of clients’ personal information.
• Phishing Attacks: Employees received fraudulent emails that led to compromised credentials and unauthorised system access.
• Insider Threat: A former employee used their access privileges to steal sensitive data before leaving the company.

eSecureFin Limited’s current data security measures are outdated and insufficient to handle the increasing threats. Key challenges include Inadequate encryption, weak access control, lack of monitoring, insufficient employee training.

You have been hired as a data security consultant for eSecureFin Limited. Knowing the history of recent incidents your task is to assess the current data security measures, identify gaps, and develop a python-based solution to enhance the company’s data security.

Assessment Description:

Task 1: Critically evaluate and assess the data security risks in the given scenario above. (LO 1)

Explain, critically evaluate and assess the data security risks using risk matrix (impact vs likelihood) and CVSS (common vulnerability scoring system) based on recent incidents in the given scenario above.

Task 2: Develop software solutions with consideration for data security risks and secure data storage principles. (LO 3, LO 4)

Based on the Task 1 evaluation, now develop software solutions considering the data security principles (eg, CIA). Provide evidence (screenshots and a Google Colab link) for 7 out of the 9 python scripts developed during the semester from consolidate section. Each screenshot must display the output and confirm that the code was executed correctly. Provide a brief explanation of how each script contributes to enhancing data security in the given scenario.

NOTE: Add the shareable colab link for verification.

Task 3: Identify and recommend decisive actions to bridge security gaps and improve security. [LO2]

Identify, describe and evaluate common cybersecurity frameworks and recommend one to enhance security. Provide the rationale for choosing this framework for the

scenario, and, if applicable, provide screenshots of the tools that was developed in task 2, to propose security improvements.

Task 4: Summary Report

Once you have completed individual tasks, you should write a summary report. This summary report serves as a platform for you to articulate and describe the key learnings derived from each task. It is an opportunity to synthesise insights, providing an overview of the knowledge and understanding acquired throughout the completion of the assigned tasks.

Portfolio instructions:

• Type your Student Reference Number on each page of your answer (suggested that it is put as a footnote in the document) if you are working on MS Word.
• Save your submission with the file name: Your Student Reference Number_ Module Name_Date
• Any write-up in the Portfolio should be written in PebblePad with font size 11, single spacing.
• Next, download the PebblePad as a PDF file and submit it to Turnitin.
• With each entry (item/artefact) you put in your portfolio, you should write a brief summary of why you have chosen this particular item/artefact and how it links to that particular section. You should then analyse it in accordance with the tasks as they are laid out in the instructions above.
• Proper citations are essential. All tasks require referencing academic and other sources, listed in a Harvard Referencing style, present a reference list at the end of the Portfolio. Whenever you use external sources (pictures, definitions, line of argumentation), clearly state this at the of the sentence or paragraph by providing a reference to the original article using Harvard Referencing style.

Please refer to the marking criteria (below) for a breakdown of how the tasks will be marked.

Assessment Criteria: