BUS369 SUSS Risk Assessment Managing Information Security And Privacy

Do Question 3 only (Word Limit: 1000 words)
Refer to the BUS369

The article mentioned three information assets – student admissions system, examination database and student portal. You are asked to conduct a simple risk assessment for these three assets. Assume that the information assets are used for the following purposes:

 Student admissions system – An online system for potential students to apply for admission to the university

 Examination database – An internal system used by the teaching and administrative staff for examination purposes. Examination papers for upcoming examinations are stored in this database.

 Student portal – A one-stop online system for students to access university resources and IT applications for students

(a) Apply the risk identification techniques that you have learned in this module to prepare a weighted factor analysis worksheet. You should first propose and justify three (3) appropriate criteria which can be used to prioritise the information assets. Assign weights to each criterion and assign values to each of the three assets, and present the information in a format similar to Table 6-2 (page 263) of the textbook. Give brief reasons for the values you assigned.


NUS, NTU networks hit by ‘sophisticated’ cyber attacks

By: Justin Ong Source: Channel NewsAsia Published: 12 May 2017 02:00pm Updated: 15 June 2017 09:02pm

SINGAPORE: The National University of Singapore (NUS) and Nanyang Technological University (NTU) suffered separate IT network breaches in April, according to the Cyber Security Agency (CSA) and the Ministry of Education (MOE) on Friday (May 12).

On Apr 11, NUS detected an unauthorised intrusion into its IT systems through a single server, while NTU detected a malware attack on Apr 19 possibly due to phishing or browsing of infected sites.

Both universities then alerted CSA, which has since been assisting them by conducting forensics and implementing mitigating measures, the joint press release added.

The objective of the attacks “may be to steal information related to Government or research”, said authorities, adding that “there is no evidence that information or data related to students was being targeted”.

Malicious activity was also detected in other institutions, Government agencies and industries during this period – but these were isolated and limited incidents which were quickly cleaned up, Channel NewsAsia understands.


This is the first sophisticated cyber-attack on Singapore universities. It was targeted, carefully planned and “not the work of casual hackers”, said authorities.

The attacks were not part of a coordinated, orchestrated campaign and were not identical – they did not originate from the same place, and were not conducted by the same people.

But Advanced Persistent Threat (APT) actors – perpetrators who manage to gain access to a network without being detected and are able to continuously access information whenever they want over a period of time – were involved in both incidents.

“However, as the universities’ systems are separate from Government IT systems, the extent of the APTs’ activities appear to be limited,” said CSA and MOE. “The daily operations of both universities, including critical IT systems such as student admissions and examination databases, were not affected.”

Said CSA chief executive David Koh: “We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons.”

CSA, MOE and the universities said they would not be able to provide further details about the incident as it “could impact the effectiveness of additional defensive and preventive measures being put in place”.

BUS369e Group-based Assignment
Minister for Communications and Information Yaacob Ibrahim wrote on Facebook on Friday that the attacks are a “stark reminder” that cyber threats are real in Singapore. He added that the breaches are of concern, but that the situation has been contained.

“As we become more digitally connected, such threats will continue to increase in sophistication, and both public and private sector organisations are equally vulnerable,” Dr Yaacob said, who added that individuals can also do their part to be vigilant and practise good cyber hygiene.


A NUS spokesperson said “immediate action was taken to isolate and remediate affected desktop computers and servers”. Similarly, NTU said it immediately removed and replaced affected machines which included shared personal computers and front-end workstations.

“NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place,” said the authorities.

CSA has reached out to other autonomous universities in Singapore, as well as Critical Information Infrastructure (CII) sectors and Government, to step up monitoring and checks on their networks.

“There has been no sign of suspicious activity in CII networks or Government networks thus far,” said authorities.

In an email to NUS students on Friday, the university’s chief IT officer Tommy Hor informed them that additional measures would be put in place to safeguard its IT systems. These include stepping up network and system monitoring as well as enhancing security management.

The email added that students are not required to change their password for NUSNET, which is the portal used for accessing email and e-resources, although they can if they want to.

“This incident highlights the rising sophistication of cyber security attacks and the need for heightened vigilance,” said Mr Hor. “We would like to emphasise the importance of adopting good cyber and information security practices.”

The latest cyber-attack comes on the heels of the Ministry of Defence’s revelation in February that the personal data of 850 national servicemen and employees were stolen following a breach in its I-net system. The Ministry of Foreign Affairs’ IT system was also breached, according to Minister for Communications and Information Yaacob Ibrahim in Parliament in 2015.

CSA’s Mr Koh previously said that from 2015 to June 2016, there have been 16 waves of targeted cyber-attacks surfaced to the agency’s attention.

Retrieved from: https://www.channelnewsasia.com/news/singapore/nus…