Computer Security $($CSI$1101)$

Computer Security Vulnerabilities and Countermeasures

Assignment Overview:

This assessment requires you to write a report on a given scenario, which investigates existing security

issues $($technical and non$-$technical$)$ and propose countermeasures to overcome the identified

problems. The scenario has been developed after observing various real$-$world security vulnerabilities

that organisations face, which cyber criminals can leverage.

This assessment will develop your understanding of analysing security issues and applying the

knowledge acquired throughout the semester to provide solutions to these issues. You will also be

required to seek guidance from various security forums$/$manuals such as the 'Australian Government

Information Security Manual', 'The Australian Signals Directorate $($ASD$)$ Top $35$ Mitigation Strategies'$/$

'Essential Eight', several 'NIST Standards', SANS resources, and others. References to these resources

will be provided through weekly modules. You should also apply feedback from your report

assessment to improve your writing skills according to industry standards.

Scenario:

Great Care Hospital $($GCH$)$ is a hospital in Perth, Western Australia, providing diagnostic, treatment,

and rehabilitation for patients suffering from various health issues. $GCH$ extensively relies on the use

of technology and, hence, has a large digital footprint, making its services more accessible for patients

and improving its management of both employees and its services. As part of its operations, GCH

collects$/$stores sensitive data, which is digitally processed and stored. A few months ago, GCH became

a victim of a double extortion cyber attack where a significantly large number of files carrying

sensitive$/$personal health information of patients being treated at $GCH$ were stolen by a cyber criminal

group. The incident triggered a backlash from the community, demanding $GCH$ to undergo a cyber

security audit of its systems, operations, and policies to highlight significant grey areas requiring

immediate action. Resultantly, the chief executive of GCH$,$ Tash, has agreed to a security review of its

digital footprints, recommending prevailing cyber security guidelines$/$standards$.$ GCH$\text{'}$s existing setup,

awareness and behaviour are as follows:

a$.$ Every employee at $GCH$ uses the organisation's computer with administrative privileges to

undertake their daily routine work.

b$.$ GCH requires employees to change their passwords every twelve months, consisting of a minimum

of $6$ characters with a mandatory requirement of having one special character in the new

password.

c$.$ GCH employees are authenticated using password$-$based authentication.

d$.$ The data is encrypted using Vigen$$re cipher to ensure confidentiality.

e$.$ GCH uses a web$-$based application to run its daily operations. The application stores user

passwords in the database using the Secure Hash Algorithm $1($SHA$)$ cryptographic hash function.

f$.$ The web$-$based application is running Transport Layer Security $($TLS$)$ version $1\mathrm{.}0.$

g$.$ The healthcare provider disposes of their storage devices after using them for a few years, with

data being deleted using software with a single pass.

h$.$ The employees are allowed to work from home and connect to the GCH$\text{'}$s network using the

default Remote Desktop Protocol $($RDP$).$