Legal Issues in Information Security: Unit 1 Case Scenario Complete Solution

Question: #1566

You are the new System Support Technician at Premier Collegiate School. This private school has students from grade 7 to grade 12 with 300 students, and 30 staff members and teachers. Each of the ten administrative staff has a dedicated desktop computer. The school principal, Ashton Symonds, has a notebook computer which she takes home and when traveling to conduct both school business, and personal tasks. She maintains a Facebook and MySpace account to be able to monitor the activities of the students who also have such accounts.

The teachers have ten computers that they share in the teachers’ lounge to record grades and do all work associated with conducting their assigned classes (daily lesson plans, research, handouts, tests, quizzes, and final exams). There are two servers functioning in the school, one for the administration business, and one to serve student needs. The administration server has dedicated storage for each of the teachers and both hard wired access and wireless access throughout the school. The student server has applications the students might need for their schoolwork. In addition, the student server provides wireless access for student-owned and school-required laptop computers. All students are required to have laptop computers with wireless access. There is also one dedicated computer lab with twenty-five desktop computers for the students to use in computer science classes.

Principal Symonds has requested that you prepare an asset list and prioritize the assets based on their importance to the function of the school and the level of protection required for each asset.

Overview

Premier Collegiate School is a private school with a student enrollment of 300 and 30 faculty members. There are two servers functioning in the school, one for the administration business, and one to serve student needs. There are 35 desktop PC used by teachers and students and one portable laptop used by the school principle. Enrolled students are required to provide privately owned laptop for their school work. An asset list is required with priorities based on their importance to the function of the school and the level of protection required for each asset.
Premier Collegiate School asset list:

IT Asset Description	Seven Domains of Typical IT	Privacy Data Impact	Assessment [1-Critical, 2-Major, 3-Minor]
Server #1 Administration Business	Systems/Application Domain	FERPA	1
Server #2 Student Applications	Systems/Application Domain	FERPA	1
Desktop Computer Administrative Staff	Workstation Domain	FERPA	2
Notebook Computer School Principal	Workstation Domain	FERPA	1
Desktop Computer Teachers’ Lounge	Workstation Domain	FERPA	2
Student Required Laptops	Workstation Domain	FERPA	1
Student Computer Lab	User Domain	FERPA	2

The level of severity is based upon the downtime associated with the asset. It ranges from 1 to 3, 1 being critical, 2 being major, and 3 being minor. If one of the servers was to become compromised, then it would take a minimum of three days to get the server back up and running, therefore the severity level would be a 3. With the server down, that means the teachers cannot access the materials to teach their classes and they cannot update the student’s grades, these matters are very important.

If a computer in the student computer lab was to get compromised, then all that would have to be done to fix it, is simply reimage the workstation. That would only take an hour at the most and there are still 24 machines available to the students. So the level of severity would be a 2.

Solution: #1550

Legal Issues in Information Security: Unit 1 Case Scenario Complete Solution

The purpose of the risk assessment was to identify threats and vulnerabilities related to the school. The risk assessment will be utilized to identify risk, analyze them and then prioritize risks on the basis of analysis related to economic analysis of companies or organizations concerned with department of Commerce (BEA). Risk assessment will provide the details of threats and vulnerabilities to the...