Australian National University

College of Engineering and Computer Science

COMP2410

Networked Information Systems

Assignment 2

In this assignment, you are required to submit a report in the form of a single html file. You can submit additional files, if required, and these can be image files, in the form of jpg, gif or png images; or css files. Make sure that all of these files (including the specified one) are located in the same directory and that you submit all of them. Use relative links to refer to such files, eg, <a img src="myimage.jpg">. This assignment will be updated on a regular basis. Clarifications and modifications will be added as and when required.

This is a group assignment and should be completed in groups of 2. Both people in the group must contribute equally to the assignment. It is strongly recommended that both people in the group work collaboratively, rather than split the workload and work in isolation. Please note that a comp2410 student can only form a group with another comp2410 student, and not with a comp6340 student. Likewise, a comp6340 student can only form a group with another comp6340 student, and not with a comp2410 student.

Note that all work submitted must be entirely your own work. Make certain you use quality information and that you carefully reference all the material that you use. It is unacceptable to cut and paste another author's work and pass it off as your own. Anyone found doing this, from whatever source, will get a zero for the assignment. Any material that you wish to quote should have the source clearly referenced. Read the school's policy on plagiarism, to be found in the Research School of Computer Science Student Handbook.

It is strongly suggested that you start working on the report right away. You can submit as many times as you want. Only the most recent submission will be assessed. Check that your files work on the student system before submission. Please ensure that you copy your submitted files to an appropriate folder in your directory on the student system as well.

Note that the COMP2410 assignment is for the undergraduate students and the COMP6340 assignment for the postgrad students. The two are not interchangeable. If you find problems with this assignment (e.g., something is not clear, or there are broken links), please get in contact with the course lecturer immediately.

Task
First posted: Mon Apr 29 11:16:32 EST 2013
Last modified: Mon Apr 29 11:16:32 EST 2013
Questions to: Ramesh Sankaranarayana

You are to select a specific category of mobile device, and a specific category of networked information system (e.g. Android devices and Internet Banking, or Apple iPads and the iStore, or iPhones and FourSquare, or Android devices and Google Latitude, ...). You cannot use any of the Social Media sites that were listed in Assignment 1.

You are to prepare responses to each of the following questions. You may divide up the work so that some tasks are performed by one team-member, and other tasks by another team-member. However, each of you must share what you've learnt with the other team-members, and the response must be a single team-answer.

1. Provide a description of the networked information system that you have chosen. Include sufficient detail about the actions of the user, and of each of the devices and organisations involved in the process, to support the following analyses. Higher marks are available if you use some clear diagrams as part of your description, and provide some technical details.
2. Conduct a Security Risk Assessment, from the viewpoint of the user of the networked information system. This must include identification of all relevant Threats, Vulnerabilities, Harm, and existing Safeguards.
3. For each Risk that you identify, consider the possible approaches to removing or mitigating the Risk, and then propose specific Safeguards that you recommend be adopted.

Your report can have at most 2500 words. It must contain a title and a section for each of the above questions. All references must be cited. The references will be included in the word count. If you include appendices, then submit this as a separate page. Appendices will not be included in the word count.

Submit your report as a single html file named riskassessment.html. Submit any appendices as a single html file named appendices.html. There should be a link from the report to the appendices.

Marking Scheme

The marks will be allocated as follows:

Question	Marks
1	30
2	40
3	30

Submission Guidelines

Make only one submission per group. You will need to submit your assignments electronically using subversion. Read the information on the assignments page for instructions on electronic submission of assignments.

Note that you can only submit your assignment electronically if you belong to a lab group. Make sure that you enrol in a lab group asap.

Late Assignments

If your submission is late, then a late penalty of 10% per day applies. Assignments will not be accepted one week after the deadline.

Extensions

Extensions will only be given under special circumstances. Students should send an email to Dr. Ramesh Sankaranarayana stating the reason for the request and attach supporting documentation (e.g., medical certificate). This should be done before the deadline. Requests for extensions after the deadline will not be accepted.