Suss student handbook

The article mentioned three information assets – student admissions system, examination database and student portal. You are asked to conduct a simple risk assessment for these three assets. Assume that the information assets are used for the following purposes:

 Student admissions system – An online system for potential students to apply for admission to the university

 Examination database – An internal system used by the teaching and administrative staff for examination purposes. Examination papers for upcoming examinations are stored in this database.

 Student portal – A one-stop online system for students to access university resources and IT applications for students

(a) Apply the risk identification techniques that you have learned in this module to prepare a weighted factor analysis worksheet. You should first propose and justify three (3) appropriate criteria which can be used to prioritise the information assets. Assign weights to each criterion and assign values to each of the three assets, and present the information in a format similar to Table 6-2 (page 263) of the textbook. Give brief reasons for the values you assigned.

Case:

NUS, NTU networks hit by ‘sophisticated’ cyber attacks

By: Justin Ong Source: Channel NewsAsia Published: 12 May 2017 02:00pm Updated: 15 June 2017 09:02pm

SINGAPORE: The National University of Singapore (NUS) and Nanyang Technological University (NTU) suffered separate IT network breaches in April, according to the Cyber Security Agency (CSA) and the Ministry of Education (MOE) on Friday (May 12).

On Apr 11, NUS detected an unauthorised intrusion into its IT systems through a single server, while NTU detected a malware attack on Apr 19 possibly due to phishing or browsing of infected sites.