Assignment Overview:

All Stars Dance (ASD) is a small dance club operated by six staff and currently has a member base of approximately two hundred dancers.

All Stars Dance operate from a dance studio with a small office located on the second floor of a three-storey building. ASD share a common lift to the second floor. The dance club operate during the day and in the evenings between 6 pm and 10 pm. Currently, anyone can access the second floor via the lift 24 hours a day; however, the studio locks the entry door when they close for the day, thus restricting access to the studio to opening hours only.

The dance club have two networked desktop computers and one printer on site, and are connected to the internet via a modem-router supplied to them by their ISP. New member applications and other information such as policy, procedures, and member information are stored both digitally (on computers or websites) and on-site in locked cabinets. The computers currently do not have authentication enabled.

The dance club has just launched a new web portal that provides its members with the ability to apply and pay for:

  • Dance club membership
  • Enter dance competitions
  • Register for testing. Dancers will apply for a test when they have reached a certain level in preparation for the next level, i.e., beginner, intermediate, advanced, and elite.
  • Make general enquiries

To become a member of the dance club, dancers are required to visit the website and apply for membership or renew their existing membership. Once a dancer enters the system for the first time, i.e., pays for their first membership, they are provided with a username and password for the website to enter competitions and register for dance tests.

The web portal is an open-source Content Management System (Joomla CMS) that is hosted in Australia by a third-party hosting provider. The CMS handles memberships, competition events and member information such as dance levels (beginner to advanced) and personal information (age, gender, address).

Club membership runs from January 1 through to December 31 each year regardless of the application date. The CMS allows members to purchase a membership, read member-only news and register for events or dance tests online; thus, the CMS is responsible for most of the member data processing.

Member payments are processed using a third-party merchant gateway, SecurePay, and deposited directly into the club’s nominated bank account. Once a member has paid for membership, the system adds the member to a mailing list and updates permissions on the user account which authorises access to member resources on the CMS.

The mailing list is stored and processed by Mailchimp, a third-party provider located in the United States. Personal information collected for the mailing list includes full name and email address. No other information is transferred to Mailchimp.

The dance club also receives emails from parents and other members, either via the website contact page or directly via email. The emails are accessed using Microsoft Outlook on the computers located in the office.

Enquiries submitted through the website are stored on the CMS and emailed to the staff admin email account that is accessed on the desktop computers in the office.

Dance club staff have access to administer the CMS remotely using portable devices, or on-site using the computers in the office. Staff change frequently and currently there are no controls in place to restrict system privileges either on the desktop office computers or the CMS. When a staff member is granted access by the system admin, they have full administrative rights to the desktop computers and the CMS.

The owner of the dance club acts as the system administrator for the CMS and desktop computers but has little technical knowledge and lacks an understanding of information security practices. The owner knows only how to create new user accounts with full system access.

There are four primary functions staff need to perform for the club and its members:

  1. Update member information via the CMS when necessary
  2. Answer emails
  3. Update the latest news on the CMS
  4. Add events to the CMS so members can register online
  5. Add testing sessions to the CMS each month
  6. Perform bank reconciliations, i.e., match the income from the CMS to the bank statements. Staff can see all the transactions from the events and membership applications running within the CMS.

 

 

Assessment Tasks

All Stars Dance would like an Information Security assessment on the threats facing their information system and a recommendation on how to protect the information assets.

 

Task 2 – Identify the security management standards and framework 

In this task, students are required to discuss the implementation steps for the ISO27001 and NIST (National Institute of Standards and Technology) Cybersecurity frameworks.
