Date: 2019-11-14 11:19

INFORMATION SECURITY AND TRUST (CSC8202)

MODULE COURSEWORK

Deadline: 22nd November 2019

Scenario

Health 123 are a UK-based company. Health 123 are developing a Web application. Based on symptoms entered by the user, their gender and their date of birth, the application will provide a recommended course of action for treatment. The course of action for treatment will include the specific service to contact (e.g. Emergency Department) and the urgency with which the service should be contacted. Health 123 are planning to supply periodic usage summaries from their application to another UK-based company, Health 456. These usage summaries will contain details of the queries made by users and include: the location of user, their symptoms, gender and date of birth and the date/time on which they made the query. Health 456 will use the usage summaries to design and deliver health services.

Selected data flows and processing activities are illustrated in the diagram below.

[Diagram: data flows between User, Health 123 and Health 456. Labelled flows recoverable from the diagram:]

1. User Registration Details: Email Address, Telephone Number, Password, Gender, Date of Birth

8. Usage Summary Details: [(Location, [Symptom], Date/Time, Gender, Age)]

Questions

Answer the questions below using the information provided for the scenario.

You must answer ALL questions in BOTH parts.

Part One

[50 marks]

(1) Describe the process of user authentication that is used within the application.

[10 marks]

(2) Health 123 are planning to use Hierarchical Role Based Access Control (RBAC) to control internal access (i.e. within Health 123) to the data used by the application.

(a) Define a set of indicative roles for staff within Health 123 and structure these roles in a hierarchy that could be used to control access to resources within Health 123.

[5 marks]

(b) Describe how a chosen contextual constraint could be used by Health 123 to restrict the activation of specific roles following authentication.

[5 marks]

[10 marks in total]

(3) Construct an attack defence tree to model unauthorised access to a user account. Details of feasibility, cost and countermeasures do not need to be included.

[30 marks]

Part Two

[50 marks]

(1) Health 123 have determined that they are processing special category (or "sensitive") data. State whether you agree with their position and justify your answer with reference to relevant legislation.

[5 marks]

(2) Based on feedback from focus groups, Health 123 have determined that the majority of users are likely to access the Web application using a mobile device. Explain why access to the Web application using a mobile device presents a challenge for Health 123 in providing privacy information to users.

[15 marks]

(3) Users enter their symptoms into the Web application as free text, e.g. "headache and coughing" and "high temperature".

(a) Explain why this might pose a threat to the privacy of the users (or others).

[10 marks]

(b) Define a strategy for the anonymisation of the Usage Summary Details. All attributes and records must be retained by the anonymisation process.

[15 marks]

(c) Provide a brief rationale for your strategy with reference to the concepts of risk and utility.

[5 marks]

[30 marks in total]

